Which of the following should be the information security manager’s FIRST course of action?

Posted by: Pdfprep Category: CISA

An information security manager learns that a departmental system is out of compliance with the information security policy’s authentication requirements.

Which of the following should be the information security manager’s FIRST course of action?
A. Isolate the noncompliant system from the rest of the network.
B. Submit the issue to the steering committee for escalation.
C. Request risk acceptance from senior management.
D. Conduct an impact analysis to quantify the associated risk.

Answer: D
