Certified Information Security Manager (CISM) — Question 309

Which of the following BEST determines the allocation of resources during a security incident response?

Answer options

• A. Defined levels of severity
• B. Senior management commitment
• C. A business continuity plan (BCP)
• D. An established escalation process

Correct answer: A

Explanation

The correct answer, A, is vital because defined levels of severity help prioritize incidents, ensuring that resources are allocated effectively based on the threat's impact. While senior management commitment (B) and a business continuity plan (C) are important for overall strategy, they do not directly dictate resource allocation during an incident. An established escalation process (D) helps in managing incidents but does not specifically address resource distribution.