Certified Information Security Manager (CISM) — Question 907
When responding to a security incident, information security management and the affected business unit management cannot agree whether to escalate the incident to senior management. Which of the following would MOST effectively prevent this situation from recurring?
Answer options
- A. Develop additional communication channels.
- B. Obtain senior management buy-in for incident response processes.
- C. Periodically test the incident response plan.
- D. Create a clear definition of incident classifications.
Correct answer: D
Explanation
Creating a clear definition of incident classifications ensures that all parties understand the severity and implications of an incident, facilitating consistent decision-making. The other options may improve communication or support, but they do not address the fundamental issue: the disagreement over classification that leads to escalation disputes.