Newly Released Isaca CISM Exam PDF

Initiating incident response is the first course of action for an information security manager when an employee reports the loss of a personal mobile device containing corporate information. This will help to contain the incident, assess the impact, and take appropriate measures to prevent or mitigate further damage. According to ISACA, incident management is one of the key processes for information security governance. Initiating a device reset, disabling remote access, and conducting a risk assessment are possible subsequent actions, but they should be part of the incident response plan. References: 1: Find, lock, or erase a lost Android device - Google Account Help 2: Find, lock, or erase a lost Android device - Android Help 3: Lost or Stolen Mobile Device Procedure - Information Security Office : CISM Practice Quiz | CISM Exam Prep | ISACA : 200 CISM Exam Prep Questions | Free Practice Test | Simplilearn : CISM practice questions to prep for the exam | TechTarget

The best way to address this situation is to assign responsibility to the database administrator (DBA). The DBA should review the databases for sensitive content and assign the appropriate classification level to each database. This should be done in accordance with the organization's information security policies, which should outline the rules and guidelines for classifying information assets. Additionally, the information security manager should prepare a report of the databases for senior management, noting the databases that do not have owners assigned to them, as well as any other relevant information. This will help to ensure that the organization is properly managing its information assets and that any risks associated with the lack of owners are identified and addressed. This information can be found in the ISACA's Certified Information Security Manager (CISM) Study Manual, Section 5.3.