A colleague who recently left the organization asked a security professional for a copy of the organization's confidential incident management policy. Which of the following is the BEST response to this request?
A. Access the policy on a company-issued device and let the former colleague view the screen.
B. E-mail the policy to the colleague as they were already part of the organization and familiar with it.
C. Do not acknowledge receiving the request from the former colleague and ignore them.
D. Submit the request using company official channels to ensure the policy is okay to distribute.
You won't be providing them the policy unless that request is approved, which you first push up to management for approval and also to make them aware that a request for the policy has been made by an outsider. Also, what if the outsider goes and asks someone else as well? Your organization should be made aware that such inquiries are being made.
Someone is asking a security professional for confidential documents; of course they cannot distribute them. But the security professional doesn't need to reply directly and can seek an official channel instead.
I agree with other answers that simply ignoring them is a lie. Your organization needs to know they made the request, so go through the proper channels (let your company know).
Ideally, the answer should be "Reply that this document is confidential and that he has no more access privilege to it". Since that is not possible, let's consider.
A and B are out (you do not 'declassify' confidential documents informally).
C is... unprofessional and, as pointed out, leaves the possibility open for other colleagues to answer with A or B and compromise the document.
With D, you are certain that
- If he has legitimate reason to access it, then it will be authorized and traced
- If he has none, then it will be properly denied (and traced again)
C is
D
D. Submit the request using company official channels to ensure the policy is okay to distribute.
Explanation:
Option D is the most appropriate response because it ensures that proper procedures are followed for distributing sensitive organizational policies, especially after the colleague has left the organization. By submitting the request through official channels, such as contacting the appropriate personnel in the organization's administration or legal department, it allows for proper review and authorization before sharing the policy.
Options A and B may compromise the confidentiality of the policy by potentially exposing it to unauthorized individuals or distribution channels. Option C is not a proactive or professional approach to handling the request and could lead to misunderstandings or potential legal issues. Therefore, option D is the most appropriate and responsible course of action in this situation.
As the colleague is no longer part of the organization, they no longer have a legitimate need to access the confidential incident management policy. Ignoring the request and not acknowledging receipt helps maintain the confidentiality and security of the policy.
Answer is C. Always think like a manager, as you know these are confidential and are a red line.
For D, you would look bad since your employees expect you to know what can be shared and what is not. If this wasn't a CISSP exam question, D might be on the table for a normal employee.
Not acknowledging receiving the request from the former colleague and ignoring them may be rude or unprofessional, and may also raise suspicion or resentment from the former colleague.