Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
exam questions

Exam CISM All Questions

View all questions & answers for the CISM exam

Exam CISM topic 1 question 497 discussion

Actual exam question from Isaca's CISM
Question #: 497
Topic #: 1
[All CISM Questions]

Which of the following should an information security manager do FIRST when informed that customer data has been breached within a third-party vendor's environment?

  • A. Communicate the breach to leadership.
  • B. Request and verify evidence of the breach.
  • C. Notify the incident response team.
  • D. Review vendor obligations in the contract.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Proctored_Expert
Highly Voted 1 year, 10 months ago
Selected Answer: B
When informed that customer data has been breached within a third-party vendor's environment, the information security manager should request and verify evidence of the breach (option B) FIRST. It is important to confirm that a breach has actually occurred before taking any further action. Requesting and verifying evidence of the breach can help to confirm the extent of the breach and the types of data that may have been compromised. Once the evidence has been obtained and verified, the information security manager can then take the appropriate next steps, such as notifying the incident response team (option C) and communicating the breach to leadership (option A). Option D, reviewing vendor obligations in the contract, could be useful in understanding the rights and responsibilities of the vendor and the company in the event of a breach, but it should not be the first step taken.
upvoted 8 times
...
Souvik124
Highly Voted 1 year, 8 months ago
When informed that customer data has been breached within a third-party vendor's environment, an information security manager should FIRST notify the incident response team (Option C). Notifying the incident response team is critical to initiate the organization's incident response plan, which will help to contain the breach and mitigate any potential damage. The incident response team can work with the vendor to determine the scope and impact of the breach, as well as to identify the root cause and any potential vulnerabilities that may exist in the vendor's environment. Once the incident response team has been notified, the information security manager should request and verify evidence of the breach (Option B) to determine the extent of the damage and to identify any compromised data or systems. The information security manager should also review vendor obligations in the contract (Option D) to determine what responsibilities the vendor had in protecting customer data and to identify any potential legal or regulatory implications.
upvoted 6 times
[Removed]
1 year, 4 months ago
you say C then you say B. Stop using chatgpt
upvoted 1 times
...
...
ServerBrain
Most Recent 4 weeks, 1 day ago
Selected Answer: B
Verify/Validate first, do things after that.
upvoted 1 times
...
AlexJacobson
9 months, 3 weeks ago
Selected Answer: B
It's a tricky question, but I think the key here is the part that says "within a third-party vendor's environment?". In other words, it didn't happen in the infosec manager's company, but at the third-party vendor to whom the company outsourced some activities. Based on that, the first thing infosec manager should do is ask to see what's the extent of the breach (verify) and them inform incident response team if necessary. So I'm gonna cautiously say it's B, but not 100% on that.
upvoted 1 times
...
profdodi
1 year ago
Before doing any action the IS manager needs to verify the incident before activation the incident response team actions : Option (B)
upvoted 1 times
...
oluchecpoint
1 year, 2 months ago
Selected Answer: C
C. Notify the incident response team. Notifying the incident response team is crucial because they are trained to handle data breaches and can take immediate action to assess the situation, contain the breach, and gather the necessary information for further steps. While the other options (A, B, and D) are also important and should be done promptly, involving the incident response team is often the initial action to ensure an effective and coordinated response to the breach.
upvoted 1 times
...
afc1019
1 year, 3 months ago
Selected Answer: C
Option C
upvoted 1 times
...
Goseu
1 year, 4 months ago
Selected Answer: C
C is the correct answer and they will B .
upvoted 1 times
...
richck102
1 year, 4 months ago
B. Request and verify evidence of the breach.
upvoted 1 times
...
wello
1 year, 5 months ago
Selected Answer: B
B. Request and verify evidence of the breach.
upvoted 1 times
...
[Removed]
1 year, 7 months ago
tricky question: Assume the notification came from the third party, then Notify Incident Response team would be the correct Order Assume the notification came from a news bulletin, Then validate the Breach occurred would be Correct Question does not Justify which so I would go with Notifying the Incident response team
upvoted 1 times
...
bambs
1 year, 9 months ago
Selected Answer: B
The first thing an information security manager should do when informed of a customer data breach within a third-party vendor's environment is to initiate an immediate investigation to determine the scope and impact of the breach. This includes verifying the authenticity of the breach, collecting and preserving evidence, containing the breach to prevent further damage, and communicating with relevant parties, such as the vendor, customers, and law enforcement, as appropriate.
upvoted 1 times
CarlLimps
1 year, 8 months ago
Hey clown, you just answer C in your statement. read this person's first sentence"initiate an immediate investigation....Notify the incident response team.
upvoted 2 times
...
...
aokisan
1 year, 10 months ago
Selected Answer: B
at first, confirm the breach.
upvoted 6 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...