Certified Information Security Manager (CISM) — Question 273

Which of the following is the MOST important incident management consideration for an organization subscribing to a cloud service?

Answer options

• A. Decision on the classification of cloud-hosted data
• B. Expertise of personnel providing incident response
• C. Implementation of a SIEM in the organization
• D. An agreement on the definition of a security incident

Correct answer: D

Explanation

The correct answer is D because having a shared understanding of what defines a security incident is crucial for effective incident management. This agreement ensures that all parties can respond appropriately and consistently. The other options, while important, do not directly address the foundational need for clarity in incident definitions.