Certified Information Security Manager (CISM) — Question 1115

Which of the following is MOST important to verify during a test of an organization's incident response process?

Answer options

• A. Whether incident response team members know their responsibilities
• B. Whether senior management endorses the incident response process
• C. Whether users know which numbers to call in the call tree
• D. Whether incident response team members are cross-trained

Correct answer: A

Explanation

Verifying that incident response team members know their responsibilities is critical because it ensures that everyone understands their role during an incident, leading to an effective response. While management support (B), user awareness of contacts (C), and cross-training (D) are important, they do not have the same direct impact on the immediate effectiveness of the incident response process as team members' understanding of their duties.