CISM Question #315: Real Exam Question with Answer & Explanation
The correct answer is B: Stakeholder communication plan.
Question
Which of the following is CRITICAL to ensure the appropriate stakeholder makes decisions during a cybersecurity incident?
Options
- A. Up-to-date risk register
- B. Stakeholder communication plan
- C. Escalation plan
- D. Asset classification
Explanation
A stakeholder communication plan identifies who the relevant stakeholders are, defines their roles and decision-making authority, and specifies how and when they are engaged during an incident. Without this plan, critical decisions may be delayed or made by the wrong person. An escalation plan (C) defines when to escalate but does not fully identify who the appropriate decision-maker is for each scenario. An up-to-date risk register (A) informs risk decisions but does not govern incident communication. Asset classification (D) helps determine incident severity but does not direct stakeholder engagement or decision authority.