Certified Information Security Manager (CISM) — Question 288
Which of the following is the MOST reliable way to ensure network security incidents are identified as soon as possible?
Answer options
- A. Install stateful inspection firewalls.
- B. Conduct workshops and training sessions with end users.
- C. Collect and correlate IT infrastructure event logs.
- D. Train help desk staff to identify and prioritize security incidents.
Correct answer: C
Explanation
Option C is correct because collecting and correlating IT infrastructure event logs provides a comprehensive view of potential security incidents. Options A and B provide some level of security but do not directly improve the speed of detection. Option D, training help desk staff, is useful but is not as reliable as analyzing event logs for immediate incident identification.