Certified Information Systems Auditor (CISA) — Question 916

An IS auditor reviewing incident response management processes notices that resolution times for reoccurring incidents have not shown improvement. Which of the following is the auditor's BEST recommendation?

Answer options

• A. Implement a survey to determine future incident response training needs.
• B. Introduce problem management into incident response.
• C. Incorporate a security information and event management (SIEM) system into incident response.
• D. Harden IT system and application components based on best practices.

Correct answer: B

Explanation

The best recommendation is to introduce problem management into incident response, as it focuses on identifying and addressing the root causes of recurring incidents, which can lead to improved resolution times. The other options, while beneficial, do not directly address the underlying issues causing the repeated incidents, making them less effective in this context.