Certified Information Security Manager (CISM) — Question 801

Which of the following is MOST critical when creating an incident response plan?

Answer options

• A. Identifying what constitutes an incident
• B. Identifying vulnerable data assets
• C. Documenting incident notification and escalation processes
• D. Aligning with the risk assessment process

Correct answer: A

Explanation

Identifying what constitutes an incident is critical as it sets the foundation for the entire incident response plan, ensuring that the team knows what to respond to. While the other options are important for a comprehensive plan, they are secondary to the initial step of defining the incidents that require a response.