Certified Information Security Manager (CISM) — Question 1200

Which of the following practices is MOST effective for determining the adequacy of incident management operations?

Answer options

• A. Conducting unannounced external vulnerability testing
• B. Testing current incident response plans with relevant stakeholders
• C. Assessing incident response team members’ incident response skills
• D. Reviewing incident response procedures against best practices

Correct answer: B

Explanation

The correct answer is B because testing current incident response plans with relevant stakeholders directly assesses how well the plan works in practice and identifies areas for improvement. Options A, C, and D, while useful, do not directly evaluate the effectiveness of the incident management operations in a practical scenario.