Question
An information security manager notes that security incidents are not being appropriately escalated by the help desk after tickets are logged. Which of the following is the BEST automated control to resolve this issue?
A. Integrating automated service level agreement (SLA) reporting into the help desk ticketing system
B. Changing the default setting for all security incidents to the highest priority
C. Integrating incident response workflow into the help desk ticketing system
D. Implementing automated vulnerability scanning in the help desk workflow
Answer
C. Integrating incident response workflow into the help desk ticketing system
Explanation
The BEST automated control to resolve the issue of security incidents not being appropriately escalated by the help desk after tickets are logged is C, integrating incident response workflow into the help desk ticketing system.
Option A, integrating automated service level agreement (SLA) reporting into the help desk ticketing system, focuses on reporting and monitoring the SLAs related to incident response but does not directly address the problem of inappropriate escalation. It may help track and measure response times, but it does not ensure proper escalation.
Option B, changing the default setting for all security incidents to the highest priority, is not the best solution. Assigning the highest priority to all security incidents by default may result in misclassification and overwhelm the help desk with a large number of high-priority incidents, potentially impacting the resolution of other critical issues.
Option D, implementing automated vulnerability scanning in the help desk workflow, is not directly related to the issue of inappropriate escalation of security incidents. Vulnerability scanning is a proactive security measure and focuses on identifying vulnerabilities in systems and applications, rather than the escalation process for incidents.
Option C, integrating incident response workflow into the help desk ticketing system, is the most appropriate solution. By integrating the incident response workflow, the help desk staff will have clear instructions and predefined steps for escalating security incidents. This integration ensures that incidents are appropriately handled and escalated to the relevant security team or personnel based on their severity and impact. It streamlines the incident response process and improves the effectiveness and efficiency of escalation procedures.
Integrating the incident response workflow into the help desk ticketing system can include features such as predefined escalation paths, automated notifications, incident categorization, and clear instructions for help desk staff to follow when escalating security incidents. This ensures that incidents are promptly and correctly escalated to the appropriate individuals or teams responsible for incident response and resolution.
In summary, integrating the incident response workflow into the help desk ticketing system is the best automated control to address the issue of security incidents not being appropriately escalated. It improves the incident handling process, ensures proper escalation, and enhances the organization’s overall incident response capabilities.