Certified Information Security Manager (CISM) — Question 1042

Which of the following is the GREATEST risk associated with a poorly trained incident response team responding to a major incident?

Answer options

• A. Separation of duty violations
• B. Loss of confidential information
• C. Evidence contamination
• D. Failure to escalate to senior management

Correct answer: C

Explanation

The greatest risk is 'Evidence contamination', as a poorly trained team may mishandle critical evidence, compromising the integrity of the investigation. While loss of confidential information, separation of duty violations, and failure to escalate to management are important risks, they do not directly impact the forensic validity of the incident response as severely as contamination of evidence does.