Certified Information Security Manager (CISM) — Question 524
In an organization that has several independent security tools including intrusion detection systems (IDSs) and firewalls, which of the following is the BEST way to ensure timely detection of incidents?
Answer options
- A. Implement a log aggregation and correlation solution.
- B. Ensure that the incident response plan is endorsed by senior management.
- C. Ensure staff are cross-trained to manage all security tools.
- D. Outsource the management of security tools to a service provider.
Correct answer: A
Explanation
Implementing a log aggregation and correlation solution allows for centralized monitoring and analysis of logs from the various security tools, facilitating quicker incident detection. While management support and cross-trained staff are important, they do not enhance the speed of incident detection as directly or as effectively as a log aggregation and correlation solution. Outsourcing may introduce delays and dependencies that could hinder timely responses.