Certified Information Security Manager (CISM) — Question 333

An organization is aligning its incident response capability with a public cloud service provider. What should be the information security manager’s FIRST course of action?

Answer options

• A. Identify the skill set of the provider's incident response team.
• B. Update the incident escalation process.
• C. Evaluate the provider’s audit logging and monitoring controls.
• D. Review the provider’s incident definitions and notification criteria.

Correct answer: D

Explanation

The correct answer is D because understanding the provider's incident definitions and notification criteria is crucial for effective communication and response. Without this foundational knowledge, the organization cannot ensure that it is aligned with the provider's processes. The other options, while important, come after establishing clear definitions and notification protocols.