Isaca Certified in Risk and Information Systems Control CRISC Question # 579 Topic 58 Discussion
A risk practitioner has been notified that an employee sent an email in error containing customers' personally identifiable information (PII). Which of the following is the risk practitioner's BEST course of action?
A. Report it to the chief risk officer.
B. Advise the employee to forward the email to the phishing team.
C. Follow incident reporting procedures.
D. Advise the employee to permanently delete the email.
The best course of action for the risk practitioner is to follow the incident reporting procedures established by the organization. This will ensure that the incident is properly documented, escalated, and resolved in a timely and consistent manner. Reporting the incident to the chief risk officer, advising the employee to forward the email to the phishing team, or advising the employee to permanently delete the email are not the best courses of action, as they may not comply with the organization’s policies and standards, and may not address the root cause and impact of the incident.
References: Risk and Information Systems Control Study Manual, 7th Edition, Chapter 4, Section 4.2.2.1, page 193.