Learn the most critical element for an information security manager to verify when assessing an incident response plan according to ISACA CISM certification exam standards.
Question
Which of the following is MOST important for the information security manager to confirm when reviewing an incident response plan?
A. The plan includes a requirement for post-incident review
B. The plan is based on a business impact analysis (BIA)
C. The plan is stored at backup recovery locations
D. The plan is readily available to provide to auditors
Answer
When reviewing an incident response plan, the most important thing for an information security manager to confirm is:
B. The plan is based on a business impact analysis (BIA)
Explanation
A well-designed incident response plan should be firmly grounded in a thorough business impact analysis. The BIA identifies the organization’s critical business processes, systems, and data, and assesses the potential impact of disruptions to them. This information is essential for prioritizing incident response efforts and ensuring that the plan focuses on minimizing damage to the most vital business assets.
While the other options are also legitimate considerations, they are secondary to grounding the plan in a solid BIA. Post-incident reviews (A) are valuable for improving future responses but do not determine whether the current plan is effective. Keeping copies of the plan at backup locations (C) is a good practice for availability, but it matters less than the plan’s content. Being ready to hand the plan to auditors (D) is useful, but satisfying an audit is less important than having a plan that actually protects the business.
In summary, building the incident response plan based on BIA findings should be the information security manager’s top priority when reviewing the plan, as this maximizes its relevance and effectiveness in safeguarding critical business operations.