Certified Information Security Manager (CISM) — Question 839

Which of the following is the BEST course of action when an organization's incident response team does not have expertise in forensic analysis?

Answer options

• A. Contract with external forensic experts.
• B. Develop forensic analysis procedures.
• C. Document the shortcoming.
• D. Acquire forensic analysis tools.

Correct answer: A

Explanation

The best action is to contract with external forensic experts, as they have the necessary skills and experience to handle complex forensic investigations effectively. Developing procedures, documenting shortcomings, or acquiring tools may not address the immediate need for expertise in handling forensic analysis.