During a review of system logs of the enterprise, a security manager discovers that a colleague
working on an exercise ran a job to collect confidential information on the company’s clients. The
colleague who ran the job has since left the company to work for a competitor. Based on the (ISC)
Code of Ethics, which one of the following statements is MOST correct? The manager should call the
colleague and explain what has been discovered. The manager should then ask for the return of the
information in exchange for silence.

A.
The manager should warn the competitor that a potential crime has been committed that could
put their company at risk.

B.
The manager should inform his or her appropriate company management, and secure the results
of the recover exercise for future review.

C.
The manager should call the colleague and ask the purpose of running the job prior to informing
his or her company management of the situation.

Explanation:

In the references I have not found out anything that directly relates to this but It would be logical to
assume the answer of going to necessary management. “ISC2 Code of Ethics…. Not commit or be
party to any unlawful or unethical act that may negatively affect their professional reputation or the
reputation of their profession. Appropriately report activity related to the profession that they
believe to be unlawful and shall cooperate with the resulting investigations.” -Ronald Krutz The CISSP
PREP Guide (gold edition) pg 440