The correct answer is D because the information security manager is accountable for ensuring that the incident response capability is maintained, tested, and improved. Incident response plans must be tested periodically to confirm that roles, escalation paths, communication procedures, containment steps, and recovery coordination work as intended. Business process owners are responsible for business processes and may participate in tests, especially where business impact is involved, but they are not normally accountable for the information security incident response plan itself. The business continuity manager may be accountable for business continuity or disaster recovery exercises, but this question specifically refers to incident response. Incident response team members perform response activities and participate in exercises, but accountability for ensuring the plan is tested belongs to the manager responsible for the incident management program. CISM emphasizes that information security management includes establishing, maintaining, testing, and improving incident management processes to reduce organizational impact when incidents occur.
[Reference: CISM Information Security Incident Management; incident response planning, testing, accountability, and continuous improvement principles., , ]
Submit