Certified Information Security Manager (CISM) — Question 213

Which of the following BEST supports the incident management process for attacks on an organization's supply chain?

Answer options

• A. Requiring security awareness training for vendor staff
• B. Including service level agreements (SLAs) in vendor contracts
• C. Performing integration testing with vendor systems
• D. Establishing communication paths with vendors

Correct answer: D

Explanation

Establishing communication paths with vendors is crucial for effective incident management, as it allows for timely information sharing during a security incident. While the other options are important for overall security, they do not directly enhance the immediate response capabilities needed during an attack on the supply chain.