Certified Information Security Manager (CISM) — Question 86
Senior management is concerned that the incident response team took unapproved actions during incident response that put business objectives at risk. Which of the following is the BEST way for the information security manager to respond to this situation?
Answer options
- A. Update roles and responsibilities of the incident response team.
- B. Train the incident response team on escalation procedures.
- C. Implement a monitoring solution for incident response activities.
- D. Validate that the information security strategy maps to corporate objectives.
Correct answer: B
Explanation
Training the incident response team on escalation procedures is vital to ensure its members understand when to seek approval and how to act within established guidelines. While updating roles, implementing monitoring, and validating alignment with corporate objectives are important, they do not directly address the immediate concern of unauthorized actions during incidents.