Certified Information Systems Auditor (CISA) — Question 997
Which of the following is MOST important for an IS auditor to confirm when reviewing an organization's incident response management program?
Answer options
- A. All identified incidents are escalated to the CEO and the CISO.
- B. The alerting tools and incident response team can detect incidents.
- C. Incident response is within defined service level agreements (SLAs).
- D. All incidents have a severity level assigned.
Correct answer: B
Explanation
Option B is correct because detection is the prerequisite for any response: an incident that the alerting tools and incident response team fail to detect cannot be escalated, assigned a severity level, or handled within an SLA. Options A, C, and D address important aspects of incident management, but none of them concerns the detection capability itself, which is pivotal for timely and appropriate responses.