Certified Information Security Manager (CISM) — Question 304

Which of the following is MOST important to consider when defining escalation processes for incident response procedures?

Answer options

• A. Key risk indicators (KRIs)
• B. Business continuity plans (BCPs)
• C. Recovery time objectives (RTOs)
• D. Key performance indicators (KPIs)

Correct answer: C

Explanation

Recovery time objectives (RTOs) are essential because they determine the maximum acceptable downtime for services after an incident, guiding how quickly a response team must act. While KRIs, BCPs, and KPIs are important for overall risk management and performance measurement, they do not directly address the urgency and time sensitivity of incident response like RTOs do.