Certified Information Security Manager (CISM) — Question 897

Which of the following is the MOST important reason to classify an incident after detection?

Answer options

• A. To assign appropriate prioritization levels
• B. To obtain funds for external forensic support
• C. To approve data breach notifications
• D. To ensure management is accurately informed

Correct answer: A

Explanation

The correct answer is A because classifying an incident helps determine its severity and urgency, allowing for effective resource allocation and response prioritization. The other options, while relevant in certain contexts, do not directly address the immediate need for prioritization after an incident is detected.