Changed CISM Exam Questions

When responding to a major security incident that could disrupt the business, the information security manager’s most important course of action is to follow the escalation process. The escalation process is a predefined set of steps and procedures that define who should be notified, when, how, and with what information in the event of a security incident. The escalation process helps to ensure that the appropriate stakeholders, such as senior management, business units, legal counsel, public relations, and external parties, are informed and involved in the incident response process. The escalation process also helps to coordinate the actions and decisions of the incident response team and the business continuity team, and to align the incident response objectives with the business priorities and goals. The escalation process should be documented and communicated as part of the incident response plan, and should be reviewed and updated regularly to reflect the changes in the organization’s structure, roles, and responsibilities.

References =

CISM Review Manual 15th Edition, page 1631

CISM 2020: Incident Management and Response, video 32

Incident Response Models3

A culture that supports security encourages behaviors that protect information assets.

“Organizational culture has a significant impact on how employees approach security, influencing their behavior and adherence to policies.”

— CISM Review Manual 15th Edition, Chapter 3: Information Security Program Development and Management, Section: Security Culture*

Business continuity is the primary objective of a cyber resilience strategy, as it aims to ensure that the organization can continue to deliver its essential products and services in the face of cyber disruptions, and recover to normal operations as quickly and effectively as possible. A cyber resilience strategy should align with the business continuity plan and support the organization’s mission, vision, and values. (From CISM Review Manual 15th Edition)