Exam CISM topic 1 question 222 discussion

what classification would you give it? how would you base the severity of the incident if you don't know what the risk is? C is the most common sense

A. Initiate incident response. The first action that an information security manager should take upon being notified of the loss of a personal mobile device containing corporate information is to initiate the incident response process. This process is designed to handle such events with a structured approach, which typically includes steps such as assessing the situation, containing the impact, eradicating the threat if any, and recovering from the incident.

That's an incident, Risk hasn't changed.

Device is lost, so not able to do proper risk assessment.

Answer C

I'd go with C. We first need to establish what corporate information was on it. It's a totally different game if you have confidential data on there vs. some marketing materials. So before we panic and spend more time and resources than necessary, we need to assess the actual risk of this. BTW, I think the word "personal" was put in there to imply there wasn't MDM at play, so remote wipe is likely not possible.

Based on my post answer is A.

If it just said a device was lost without including corporate information I would agree the answer is C. Since the report included corporate information was on the phone this should immediately move into incident response. Answer is A.

Without knowing what was lost and the impact, declaring an incident is premature.

It’s definitely C. Resetting wouldn’t achieve anything and disabling remote access would actually be counterproductive. You may do A, and if the question asked the BEST response I’d go with that however it asks first. So it’s C

C. Conduct a risk assessment. In this scenario, the first step the information security manager should take is to conduct a risk assessment. This is a critical initial action because it allows the organization to understand the potential impact of the loss of the personal mobile device containing corporate information and assess the level of risk associated with the incident.

The correct answer is C. Conduct a risk assessment. Explanation: When an employee reports the loss of a personal mobile device containing corporate information, the first step the information security manager should take is to conduct a risk assessment. This assessment will help determine the potential impact of the loss on the organization's information security. Here's why the other options are not the first step: A. Initiate incident response: Before initiating an incident response, it's important to assess the potential risks associated with the loss of the device. The risk assessment will guide the appropriate incident response actions.

From the ISACA's CISM Review Manual 15th Edition: "In the event of a loss of a device containing corporate information, the immediate priority is to ensure that the data on the device cannot be accessed. The first step would generally be to initiate a remote wipe or reset of the device, if possible."

A. Initiate incident response.

How come it is A. It should be Option D. By disabling remote access, the organization can prevent unauthorized access to corporate data and minimize the potential impact of the incident. Let me know your thoughts.

The FIRST step the information security manager should take is to initiate incident response. Incident response includes taking immediate steps to prevent further damage or unauthorized access to the corporate information. The incident response team can then assess the situation, conduct a risk assessment, and determine appropriate next steps such as disabling remote access or resetting the device.

Its A Only