Certified Information Security Manager (CISM) — Question 660

Which of the following should be the FIRST step of incident response procedures?

Answer options

• A. Classify the event depending on severity and type
• B. Perform a risk assessment to determine the business impact
• C. Evaluate the cause of the control failure
• D. Identify if there is a need for additional technical assistance

Correct answer: A

Explanation

The first step in incident response is to classify the event based on its severity and type, as this helps in determining the appropriate response strategy. Performing a risk assessment (B) and evaluating the cause (C) are important but come after the initial classification. Identifying the need for additional technical assistance (D) may also be necessary, but it follows the classification of the incident.