Certified Information Security Manager (CISM) — Question 251

The effectiveness of an incident response team will be GREATEST when:

Answer options

• A. the incident response process is updated based on lessons learned.
• B. the incident response team members are trained security personnel.
• C. the incident response team meets on a regular basis to review log files.
• D. incidents are identified using a security information and event monitoring (SIEM) system.

Correct answer: A

Explanation

The correct answer is A because continuously updating the incident response process with lessons learned enhances the team's ability to handle future incidents effectively. Options B, C, and D, while beneficial, do not provide the same level of ongoing improvement and adaptation as updating the response process does.