Certified Information Security Manager (CISM) — Question 557
When establishing escalation processes for an organization's computer security incident response team, the organization's procedures should:
Answer options
- A. require events to be escalated whenever possible to ensure that management is kept informed.
- B. provide unrestricted communication channels to executive leadership to ensure direct access.
- C. specify step-by-step escalation paths to ensure an appropriate chain of command.
- D. recommend the same communication path for events to ensure consistency of communication.
Correct answer: C
Explanation
The correct answer is C because specifying step-by-step escalation paths is crucial for maintaining an organized and efficient chain of command during incident response. Option A, while important for keeping management informed, does not address the need for a structured escalation process. Option B focuses on communication access rather than the escalation process itself, and option D emphasizes consistency but disregards the need for a clear hierarchy in escalation.