An organization has learned of a security breach at another company that utilizes similar
technology. The FIRST thing the information security manager should do is:
A.
assess the likelihood of incidents from the reported cause.
B.
discontinue the use of the vulnerable technology.
C.
report to senior management that the organization is not affected.
D.
remind staff that no similar security breaches have taken place.
Explanation:
The security manager should first assess the likelihood of a similar incident occurring, based on
available information. Discontinuing the use of the vulnerable technology would not necessarily be
practical since it would likely be needed to support the business. Reporting to senior management
that the organization is not affected due to controls already in place would be premature until the
information security manager can first assess the impact of the incident. Until this has been
researched, it is not certain that no similar security breaches have taken place.