Certified Information Security Manager (CISM) — Question 778

Which of the following is an information security manager's MOST important course of action when responding to a major security incident that could disrupt the business?

Answer options

• A. Notify law enforcement.
• B. Contact forensic investigators.
• C. Follow the escalation process.
• D. Identify the indicators of compromise.

Correct answer: C

Explanation

The correct answer is C because following the escalation process ensures that the incident is managed effectively and that all necessary stakeholders are informed. Options A and B may be important but are not as critical as ensuring the proper escalation. Option D is also relevant, but identifying indicators of compromise should occur after the escalation process has been initiated.