Certified Information Security Manager (CISM) — Question 1223

Which of the following is the BEST way to improve an organization's ability to detect and respond to incidents?

Answer options

• A. Conduct a business impact analysis (BIA).
• B. Conduct periodic awareness training.
• C. Perform a security gap analysis.
• D. Perform network penetration testing.

Correct answer: B

Explanation

Regular awareness training ensures that employees are informed about potential threats and the proper procedures to follow during incidents, significantly improving detection and response. While a BIA, security gap analysis, and penetration testing are valuable for overall security posture, they do not directly enhance the immediate ability of the organization to respond to incidents like training does.