Certified Information Security Manager (CISM) — Question 475

Which of the following is the MOST important reason to involve external forensics experts in evidence collection when responding to a major security breach?

Answer options

• A. To provide the response team with expert training on evidence handling
• B. To ensure evidence is handled by qualified resources
• C. To prevent evidence from being disclosed to any internal staff members
• D. To validate the incident response process

Correct answer: B

Explanation

The correct answer, B, emphasizes the necessity of having skilled professionals handle evidence to maintain its integrity and admissibility in legal contexts. Options A and D, while relevant, do not address the critical aspect of evidence handling by qualified individuals. Option C is misleading as it suggests a focus on secrecy rather than proper management of evidence.