Certified Information Security Manager (CISM) — Question 854

Which of the following is the MOST important consideration to support potential legal action when responding to a security incident?

Answer options

• A. Contacting the appropriate law enforcement agency
• B. Encrypting the documentation being assembled
• C. Maintaining chain-of-custody of evidence
• D. Preparing full forensic system backups

Correct answer: C

Explanation

Maintaining chain-of-custody of evidence is crucial because it ensures that the evidence remains admissible in court and has not been tampered with. While contacting law enforcement, encrypting documentation, and preparing backups are important, they do not directly address the legal integrity of the evidence needed for potential litigation.