Certified Information Security Manager (CISM) — Question 632

Which of the following should be the PRIMARY consideration when developing an incident response plan?

Answer options

• A. Previously reported incidents
• B. Management support
• C. Compliance with regulations
• D. The definition of an incident

Correct answer: D

Explanation

The definition of an incident is crucial because it sets the foundation for the entire incident response plan, ensuring that all team members understand what constitutes an incident. While management support, compliance, and past incidents are important, they are secondary to having a clear definition, which guides the response process effectively.