Certified Information Security Manager (CISM) — Question 241

A post-incident review revealed that key stakeholders took longer than acceptable to decide whether an application should be shut down following a security breach. Which of the following is management's BEST course of action to rectify this issue?

Answer options

• A. Improve incident response criteria.
• B. Improve incident response testing.
• C. Define incident classification.
• D. Establish containment procedures.

Correct answer: C

Explanation

Defining incident classification helps stakeholders understand the severity and urgency of issues, leading to quicker decision-making. Improving incident response criteria or testing may not directly address the decision-making delay, while establishing containment procedures focuses on managing the incident rather than the decision process.