Certified in Risk and Information Systems Control (CRISC) — Question 910
A risk practitioner is working with the incident management team to prioritize activities. Which of the following should be the FIRST priority of the incident response plan?
Answer options
- A. Verify an incident actually occurred.
- B. Verify the recovery time objective (RTO).
- C. Brief the senior leadership team,
- D. Identify the root cause of the incident.
Correct answer: A
Explanation
The first step in an incident response plan is to confirm that an incident has occurred, as this establishes the basis for all subsequent actions. Without verification of the incident, efforts to recover or analyze would be premature. The other options, while important, come after establishing that an incident is valid.