Certified Information Systems Auditor (CISA) — Question 1107
Which of the following is the MOST important consideration when designing a risk-based incident response management program?
Answer options
- A. Monitoring recurring low-risk events
- B. Minimizing false-positive and false-negative alerts
- C. Testing and updating the incident response plan annually
- D. Assigning roles and responsibilities
Correct answer: D
Explanation
Assigning roles and responsibilities is crucial because it ensures that all team members know their specific duties during an incident, leading to a more efficient response. While monitoring recurring low-risk events, minimizing false-positive and false-negative alerts, and testing and updating the plan annually are important, they do not have the same foundational impact on the overall effectiveness of the incident response program.