Who should an information security manager contact FIRST upon discovering that a cloud-based payment system used by the organization may be infected with malware?
"may be infected" is not the same as "has been infected". "may be infected" requires first a confirmation of the cloud-based system provider that the probability of an infection is sufficient to trigger a security incident and that it is not just a rumor. So the only good response is C.
Upon discovering a potential malware infection, the incident response team (IRT) should be contacted first. This team is responsible for evaluating, containing, and mitigating security incidents, as well as coordinating the appropriate response actions. Engaging the incident response team ensures the issue is addressed systematically, minimizing impact and avoiding premature communication that may not yet be warranted.
Tricky qn. as I feel it depends on the culture and expectations of the business you're involved in. In the absence of this info, I'm leaning towards D. Why? Being proactive is part of a broader incident response strategy meaning potential security incidents are managed i.e. contained quickly, effectively, minimizing damage and recovery time.
Thinking through IR scenarios I've been in, early assessments, preparation, readiness and good learnings for the IRT were all benefits of situations (confirmed or unconfirmed such as force-majeure).
It will be a job of an incident response team to further check with Cloud provider regarding the potential issue hence option D. The information security manager is not going to contact the CSP directly. You may have multiple cloud providers, it's not the information security manager's job to contact them individually every time there is a potential problem.
I guess since the issue is not on our side, it's on the CSP's side, then we should contact them to confirm the issue. The real question is who should contact them: the SM or the IR? But I guess since he discovered the issue, to cut the time he should do it.
When an information security manager discovers that a cloud-based payment system used by the organization may be infected with malware, the FIRST contact should typically be the organization's incident response team. The incident response team is responsible for handling and coordinating the response to security incidents.
The incident response team will assess the situation, gather relevant information, and take appropriate actions to contain and mitigate the impact of the malware infection. They will work towards identifying the root cause, implementing necessary remediation measures, and restoring the system's security.
It makes sense. "May be affected" means not a verified issue or an incident.
You need to verify from CSP first before taking any action. --> C
upvoted 2 times