An information security manager is advised by contacts in law enforcement that there is evidence that his/ her company is being targeted by a skilled gang of hackers known to use a variety of techniques, including social engineering and network penetration. The FIRST step that the security manager should take is to: 

Answer options:

A. perform a comprehensive assessment of the organization`s exposure to the hacker`s techniques.
B. initiate awareness training to counter social engineering.
C. immediately advise senior management of the elevated risk.
D. increase monitoring activities to provide early detection of intrusion.

C

Information about possible significant new risks from credible sources should be provided to management along with advice on steps that need to be taken to counter the threat. The security manager should assess the risk, but senior management should be immediately advised. It may be prudent to initiate an awareness campaign subsequent to sounding the alarm if awareness training is not current. Monitoring activities should also be increased.