Certified Information Security Manager (CISM) — Question 96

Which of the following is MOST likely to be a component of a security incident escalation policy?

Answer options

• A. Names and telephone numbers of key management personnel
• B. A severity-ranking mechanism tied only to the duration of the outage
• C. Sample scripts and press releases for statements to media
• D. Decision criteria for when to alert various groups

Correct answer: D

Explanation

The correct answer, D, is essential as it outlines the criteria for notifying relevant parties during a security incident. Option A, while important, does not directly relate to escalation, and options B and C focus on aspects that do not address the critical decision-making process involved in incident escalation.