PECB Lead Implementer (ISO/IEC 27001) — Question 65

Following a reported event, an information security event ticket has been completed and its priority has been assigned. Then, the event has been evaluated to determine if it is an information security incident. Which phase of the incident management has been completed?

Answer options

• A. Initial assessment and decision
• B. Detection and reporting
• C. Evaluation and confirmation

Correct answer: A

Explanation

The correct answer is A, as this phase involves the initial assessment of the reported event and deciding its classification. Options B and C do not apply here; B focuses on the identification of the event, while C pertains to the analysis and validation of the incident itself, which comes after the initial assessment.