Certified Information Security Manager (CISM) — Question 533

An information security manager has determined that the mean time to prioritize information security incidents has increased to an unacceptable level. Which of the following processes would BEST enable the information security manager to address this concern?

Answer options

Correct answer: A

Explanation

The correct answer is A, Incident classification, because this process categorizes incidents by severity and urgency, which improves prioritization and response times. The other options, while important, do not specifically address the need to prioritize incidents effectively: incident response focuses on how to handle incidents once they are prioritized, forensic analysis investigates incidents after they occur, and vulnerability assessment identifies weaknesses but does not directly help with incident prioritization.