Certified Information Systems Auditor (CISA) — Question 1083

Which of the following should be the PRIMARY objective of an organization's incident management program?

Answer options

• A. Preventing recurrence of similar incidents in the future
• B. Reducing the number and severity of security incidents throughout the organization
• C. Closing incidents in accordance with service level agreements (SLAs)
• D. Enabling the organization to resume normal business operations

Correct answer: D

Explanation

The correct answer is D because the primary goal of incident management is to ensure the organization can quickly restore normal operations after an incident occurs. While preventing recurrence, reducing incidents, and closing incidents per SLAs are important, they are secondary to the main focus of resuming business as usual.