Who should an information security manager contact FIRST upon discovering that a cloud-based payment system used by the organization may be infected with malware?
Upon discovering that a cloud-based payment system may be infected with malware, the first contact should be with the incident response team. The incident response team is responsible for assessing potential security incidents, determining the validity of the threat, and coordinating the necessary response actions. They have the expertise and protocols in place to handle such situations effectively, including contacting the cloud service provider if needed. This ensures that the response is structured, informed, and aligns with the organization's security policies.
"may be infected" is not the same as "has been infected". "may be infected" requires first a confirmation of the cloud-based system provider that the probability of an infection is sufficient to trigger a security incident and that it is not just a rumor. So the only good response is C.
When an information security manager discovers that a cloud-based payment system used by the organization may be infected with malware, the FIRST contact should typically be the organization's incident response team. The incident response team is responsible for handling and coordinating the response to security incidents. The incident response team will assess the situation, gather relevant information, and take appropriate actions to contain and mitigate the impact of the malware infection. They will work towards identifying the root cause, implementing necessary remediation measures, and restoring the system's security.
The correct answer is C.
And why? Makes no sense.
It makes sense. "May be affected" means it is not a verified issue or an incident. You need to verify with the CSP first before taking any action. --> C
It will be the job of the incident response team to further check with the cloud provider regarding the potential issue, hence option D. The information security manager is not going to contact the CSP directly. You may have multiple cloud providers; it's not the information security manager's job to contact them individually every time there is a potential problem.
I guess since the issue is not on our side, it's on the CSP's side, then we should contact them to confirm the issue. The real question is who should contact them: the SM or the IR? But I guess since he discovered the issue, to cut the time he should do it.
D. The incident response team
Tricky question, as I feel it depends on the culture and expectations of the business you're involved in. In the absence of this info, I'm leaning towards D. Why? Being proactive is part of a broader incident response strategy, meaning potential security incidents are managed, i.e. contained quickly and effectively, minimizing damage and recovery time. Thinking through IR scenarios I've been in, early assessments, preparation, readiness and good learnings for the IRT were all benefits of situations (confirmed or unconfirmed, such as force majeure).
I would say it would go like this D,A,C who calls B
ISM is the owner of all outsourced, CISM RM 16th Edition
Option D
You need to contact the CSP to verify if there is an actual incident first before escalating to incident response. --> C
"May" is not establishment of an incident. It needs to be confirmed before initiating incident response. Not D. --> definitely C