
CISSP Exam - Question 45


A colleague who recently left the organization asked a security professional for a copy of the organization's confidential incident management policy. Which of the following is the BEST response to this request?

Correct Answer: D

The correct response to a recently departed colleague's request for a copy of the organization's confidential incident management policy is to submit the request using company official channels. This approach ensures that the request is properly reviewed, authorized, and validated by appropriate personnel. Confidential policies typically contain sensitive information intended for internal use, so handling such requests through official company channels ensures that the integrity and confidentiality of the information are maintained. It also ensures compliance with company guidelines and legal requirements, and provides a traceable record of the request and its handling.

Discussion

17 comments
franbarpro Option: C
Sep 8, 2022

They are no longer with the organization. So, ignore them.

franbarpro
Oct 30, 2022

I agree with “D” though

jackdryan
Apr 23, 2023

D is correct

dev46 Option: C
Sep 18, 2022

Why D? The policy is confidential and there is no question of responding to ex-employees. I would ignore.

Yadster
Oct 11, 2022

You won't be providing them the policy unless that request is approved, which you first push up to management for approval and also to make them aware that a request for the policy has been made by an outsider. Also, what if the outsider goes and asks someone else as well? Your organization should be made aware that such inquiries are being made.

aape1 Option: D
Oct 4, 2023

D is the BEST answer. "Do not acknowledge receiving the request" equates to lying. As a CISSP professional, you should adhere to the Code of Ethics Canons - "#2 Act honorably, honestly, justly, responsibly, and legally".

Sledge_Hammer Option: C
Sep 13, 2023

The correct answer is C. In a non-governmental organization, anything labeled as Confidential is in the same class as Top Secret in a government institution, so the idea of asking or inquiring if such a classification can be shared is null and void. Ignore him/her!

homeysl Option: C
Oct 11, 2023

C. Keyword is confidential.

ddjkl Option: C
Nov 18, 2023

It's confidential.

IntheZone Option: C
Jan 2, 2024

Answer is C. Always think like a manager, as you know these are confidential and are a red line. For D, you would look bad since your employees expect you to know what can be shared and what cannot. If this wasn't a CISSP exam question, D might be on the table for a normal employee.

Parikshitcyber Option: D
Mar 21, 2024

Options A and B may compromise the confidentiality of the policy by potentially exposing it to unauthorized individuals or distribution channels. Option C is not a proactive or professional approach to handling the request and could lead to misunderstandings or potential legal issues. Therefore, option D is the most appropriate and responsible course of action in this situation.

Bach1968 Option: D
Jul 5, 2023

In my opinion, the BEST response to the request for a copy of the organization's confidential incident management policy from a recently departed colleague is option D: Submit the request using company official channels to ensure the policy is okay to distribute. Confidential incident management policies typically contain sensitive information and are intended for internal use within the organization. Therefore, it is important to handle such requests in a controlled and authorized manner. Option D: Submitting the request using official company channels is the best course of action. By following company protocols, the request can be properly reviewed, authorized, and validated by the appropriate personnel. This ensures that the policy is shared only with authorized individuals and in compliance with company guidelines and legal requirements. Therefore, option D is the most appropriate response to the request for the organization's confidential incident management policy from a former colleague.

thanhlb Option: D
Oct 31, 2023

Not acknowledging receiving the request from the former colleague and ignoring them may be rude or unprofessional, and may also raise suspicion or resentment from the former colleague.

xxxBadManxxx Option: C
Feb 12, 2024

As the colleague is no longer part of the organization, they no longer have a legitimate need to access the confidential incident management policy. Ignoring the request and not acknowledging receipt helps maintain the confidentiality and security of the policy.

Kyanka Option: D
Mar 4, 2024

These answers are all bad but D makes the most sense because you should always report these kinds of requests to someone.

homeysl Option: C
Mar 15, 2024

At a minimum, that data is classified as Sensitive, which means that it is for internal use only.

NuwanCha Option: D
Mar 23, 2024

D. Submit the request using company official channels to ensure the policy is okay to distribute. Explanation: Option D is the most appropriate response because it ensures that proper procedures are followed for distributing sensitive organizational policies, especially after the colleague has left the organization. By submitting the request through official channels, such as contacting the appropriate personnel in the organization's administration or legal department, it allows for proper review and authorization before sharing the policy.

73f8ac3 Option: D
Apr 2, 2024

Ideally, the answer should be "Reply that this document is confidential and that he has no more access privilege to it". Since that is not possible, let's consider. A and B are out (you do not 'declassify' confidential documents informally). C is... unprofessional and, as pointed out, leaves the possibility open for other colleagues to answer with A or B and compromise the document. With D, you are certain that:
- If he has a legitimate reason to access it, then it will be authorized and traced
- If he has none, then it will be properly denied (and traced again)
C is D

Jenkins3mol Option: D
Apr 30, 2024

C just sounds like a remission to me.

64elpaso
May 14, 2024

What if asked in person or over the phone? The question doesn't specify how he asked. Bad question.