An information security manager is advised by contacts in law enforcement that there is evidence
that his/her company is being targeted by a skilled gang of hackers known to use a variety of
techniques, including social engineering and network penetration. The FIRST step that the
security manager should take is to:
A. perform a comprehensive assessment of the organization’s exposure to the hacker’s techniques.
B. initiate awareness training to counter social engineering.
C. immediately advise senior management of the elevated risk.
D. increase monitoring activities to provide early detection of intrusion.
Explanation:
Information about possible significant new risks from credible sources should be provided to
management along with advice on steps that need to be taken to counter the threat. The security
manager should assess the risk, but senior management should be immediately advised. It may
be prudent to initiate an awareness campaign subsequent to sounding the alarm if awareness
training is not current. Monitoring activities should also be increased.