Certified Information Security Manager (CISM) — Question 607

Which of the following is the MOST effective way to detect information security incidents?

Answer options

• A. Establishing proper policies for response to threats and vulnerabilities
• B. Performing regular testing of the incident response program
• C. Providing regular and up-to-date training for the incident response team
• D. Educating end users on threat awareness and timely reporting

Correct answer: D

Explanation

Educating end users on threat awareness and timely reporting is crucial because they are often the first line of defense in identifying incidents. While having policies, testing programs, and training teams are important, they do not directly engage the broader user base, which can provide immediate insights into potential threats.