Certified Information Security Manager (CISM) — Question 900

Which of the following would BEST enable the help desk to recognize an information security incident?

Answer options

• A. Provide the help desk with criteria for security incidents.
• B. Include members of the help desk on the security incident response team.
• C. Require the help desk to participate in past-incident reviews.
• D. Train the help desk to review the call logs.

Correct answer: A

Explanation

Providing the help desk with criteria for security incidents is essential because it gives them a clear framework to identify issues. While including help desk members on the response team or having them participate in past reviews can be beneficial, it does not directly equip them with the knowledge needed to recognize incidents in real time. Training to review call logs is also helpful but less effective than having specific criteria for incidents.