ISACA CISM: Procedures when establishing escalation processes for computer security incident response team

Question

When establishing escalation processes for an organization’s computer security incident response team, the organization’s procedures should:

A. require events to be escalated whenever possible to ensure that management is kept informed.
B. provide unrestricted communication channels to executive leadership to ensure direct access.
C. specify step-by-step escalation paths to ensure an appropriate chain of command.
D. recommend the same communication path for events to ensure consistency of communication.

Answer

C. specify step-by-step escalation paths to ensure an appropriate chain of command.

Explanation

The correct answer is C. specify step-by-step escalation paths to ensure an appropriate chain of command.

Escalation processes should be clearly defined and documented to ensure that incidents are handled in a timely and efficient manner. The escalation process should specify who should be notified of an incident, when they should be notified, and how they should be notified. The escalation process should also specify the roles and responsibilities of the various individuals involved in the incident response process.

The following are some of the benefits of having a clearly defined escalation process:

• Improved communication: A clearly defined escalation process will help to ensure that all stakeholders are kept informed of the incident and the progress being made to resolve it.
• Increased efficiency: A clearly defined escalation process will help to ensure that incidents are handled in a timely and efficient manner.
• Reduced risk: A clearly defined escalation process will help to reduce the risk of an incident from escalating into a major crisis.

Here are some additional details about the importance of step-by-step escalation paths:

• Incidents can vary in severity: Not all incidents are created equal. Some incidents are minor and can be handled by the incident response team without the need for escalation. Other incidents are more serious and may require the involvement of executive leadership.
• The chain of command is important: In order to ensure that incidents are handled in a timely and efficient manner, it is important to have a clear chain of command. This means that there should be a clear understanding of who is responsible for handling incidents at each level of the organization.

By specifying step-by-step escalation paths, organizations can ensure that incidents are handled in a timely and efficient manner, and that the appropriate people are notified of the incident.

Reference

• National Institute of Standards and Technology (nist.gov)
• A Practical Approach to Incident Management Escalation (exigence.io)
• CISM Certification | Certified Information Security Manager | ISACA
• Earn a CISM Certification | ISACA
• CISM Exam Content Outline | CISM Certification | ISACA
• Information Security Incident Response Escalation Guideline (uc.edu)
• Incident Response Escalation Guidance (cisco.com)

Isaca Certified Information Security Manager CISM certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Isaca Certified Information Security Manager CISM exam and earn Isaca Certified Information Security Manager CISM certification.