Which of the following should be the information security manager’s FIRST course of action?

December 17, 2021 by Admin

An information security manager learns that a departmental system is out of compliance with the information security policy’s authentication requirements. Which of the following should be the information security manager’s FIRST course of action?

  • Isolate the noncompliant system from the rest of the network.
  • Submit the issue to the steering committee for escalation.
  • Request risk acceptance from senior management.
  • Conduct an impact analysis to quantify the associated risk.
