Certified Information Security Manager (CISM) — Question 1089

Which of the following is MOST important to include in security incident escalation procedures?

Answer options

• A. Recovery procedures
• B. Containment procedures
• C. Key objectives of the security program
• D. Notification criteria

Correct answer: D

Explanation

The correct answer is D, as having clear notification criteria ensures that the right stakeholders are informed promptly during a security incident. Options A and B, while important, focus on responses after an incident occurs rather than ensuring that communication is established. Option C, though relevant to the overall security strategy, is less critical in the immediate context of incident escalation.