Certified Information Security Manager (CISM) — Question 101

A measure of the effectiveness of the incident response capabilities of an organization is the:

Answer options

• A. number of incidents detected.
• B. number of employees receiving incident response training.
• C. reduction of the annual loss expectancy (ALE).
• D. time to closure of incidents.

Correct answer: D

Explanation

The correct answer is D because the time to closure of incidents directly reflects how efficiently an organization can respond to and resolve issues. Options A and B measure aspects of incident detection and training rather than response effectiveness, while option C, although important, focuses on financial metrics rather than the operational efficiency of incident management.