Certified Information Security Manager (CISM) — Question 874

Which of the following metrics is MOST appropriate for evaluating the incident notification process?

Answer options

• A. Elapsed time between detection, reporting, and response
• B. Average number of incidents per reporting period
• C. Average total cost of downtime per reported incident
• D. Elapsed time between response and resolution

Correct answer: A

Explanation

Option A is the best choice because it directly measures the efficiency of the incident notification process from detection to response. The other options focus on different aspects of incidents, such as frequency, cost, or resolution time, which do not specifically evaluate the effectiveness of the notification process.