Certified Information Systems Auditor (CISA) — Question 228

A new regulation requires organizations to report significant security incidents to the regulator within 24 hours of identification. Which of the following is the IS auditor's BEST recommendation to facilitate compliance with the regulation?

Answer options

• A. Include the requirement in the incident management response plan.
• B. Enhance the alert functionality of the intrusion detection system (IDS).
• C. Engage an external security incident response expert for incident handling.
• D. Establish key performance indicators (KPIs) for timely identification of security incidents.

Correct answer: A

Explanation

The correct answer is A because including the requirement in the incident management response plan ensures that the organization has a structured approach to comply with the regulation. Options B and C, while potentially beneficial for incident detection and handling, do not directly address the reporting requirement. Option D focuses on performance metrics rather than immediate compliance with the regulatory mandate.