Certified Information Security Manager (CISM) — Question 1030
Which of the following is MOST important for the information security manager to confirm when reviewing an incident response plan?
Answer options
- A. The plan includes a requirement for post-incident review
- B. The plan is based on a business impact analysis (BIA)
- C. The plan is stored at backup recovery locations
- D. The plan is readily available to provide to auditors
Correct answer: B
Explanation
The correct answer is B because a business impact analysis (BIA) ensures that the incident response plan aligns with the organization's priorities and risks. Options A, C, and D, while important, do not hold the same level of significance in establishing a response plan that effectively mitigates potential impacts on the business.