Certified Information Security Manager (CISM) — Question 575

Which of the following is the PRIMARY objective of defining a severity hierarchy for security incidents?

Answer options

• A. To streamline the risk analysis process
• B. To facilitate the classification of an organization's IT assets
• C. To prioritize available incident response resources
• D. To facilitate root cause analysis of incidents

Correct answer: C

Explanation

The correct answer is C because prioritizing incident response resources is crucial in managing security incidents effectively. Options A, B, and D, while relevant to security management, do not focus on the primary goal of ensuring that resources are allocated to the most critical incidents first.