Certified Information Security Manager (CISM) — Question 721

Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?

Answer options

• A. Documenting multiple scenarios for the organization and response steps
• B. Providing training from third-party forensics firms
• C. Obtaining industry certifications for the response team
• D. Conducting tabletop exercises appropriate for the organization

Correct answer: D

Explanation

Conducting tabletop exercises is the best way to ensure that incident response teams are prepared because it allows teams to practice their response in a simulated environment, enhancing their readiness. While documenting scenarios, third-party training, and obtaining certifications are beneficial, they do not provide the hands-on experience that tabletop exercises offer.