Certified Information Security Manager (CISM) — Question 339
The authorization to transfer the handling of an internal security incident to a third-party support provider is PRIMARILY defined by the:
Answer options
- A. escalation procedures.
- B. information security manager.
- C. chain of custody.
- D. disaster recovery plan (DRP).
Correct answer: A
Explanation
The correct answer is A, because escalation procedures outline the steps and authorities involved in handling incidents, including the option to involve third-party support. Options B and D are important in their own right but do not specifically address the transfer of incident handling. Option C, chain of custody, pertains to evidence management rather than to the delegation of incident handling.