Certified Information Security Manager (CISM) — Question 214
An incident management team is alerted to a suspected security event. Before classifying the suspected event as a security incident, it is MOST important for the security manager to:
Answer options
- A. follow the incident response plan
- B. follow the business continuity plan (BCP)
- C. conduct an incident forensic analysis
- D. notify the business process owner
Correct answer: A
Explanation
The correct answer is A because following the incident response plan ensures that the team adheres to established procedures for assessing and managing incidents. Options B, C, and D, while important, do not take precedence over the structured approach provided by the incident response plan in the initial assessment of a suspected security event.