CISM Certified Information Security Manager – Question1519

An organization was forced to pay a ransom to regain access to a critical database that had been encrypted in a ransomware attack. What would have BEST prevented the need to make this ransom payment?

A.
Storing backups on a segregated network
B. Training employees on ransomware
C. Ensuring all changes are approved
D. Verifying the firewall is configured properly

Correct Answer: A