Certified Information Security Manager (CISM) — Question 1219

An IT service desk was not adequately prepared for a recent ransomware attack on user workstations. Which of the following should be given HIGHEST priority by the information security team when creating an action plan to improve service desk readiness?

Answer options

• A. Investing in threat intelligence capability
• B. Implementing key risk indicators (KRIs) for ransomware attacks
• C. Updating the information security incident response manual
• D. Strengthening the organization's data backup capability

Correct answer: C

Explanation

The correct answer is C because updating the incident response manual ensures that the service desk has a clear and effective plan to follow during a ransomware attack. While enhancing data backup capability and investing in threat intelligence are important, they do not directly address the immediate need for a well-defined response process. Implementing KRIs is useful for monitoring risks but does not provide actionable guidance during an incident.