CISM Question #345: Real Exam Question with Answer & Explanation

The correct answer is D: The impact on business operations. The most important factor when categorizing the severity of information security incidents is the impact on business operations. An incident's severity is often determined by how much it disrupts the organization's ability to function and deliver its critical services. This helps

Submitted by the_admin· Apr 18, 2026Information Security Incident Management

Question

Which of the following is the MOST important factor to consider when categorizing the severity of information security incidents?

Options

AThe brand reputation of the affected organization
BThe geographical location of the incident
CThe resources required to triage
DThe impact on business operations

Explanation

The most important factor when categorizing the severity of information security incidents is the impact on business operations. An incident's severity is often determined by how much it disrupts the organization's ability to function and deliver its critical services. This helps prioritize responses and allocate resources effectively.

Topics

#Incident Severity#Business Impact#Incident Management#Incident Prioritization

Community Discussion

No community discussion yet for this question.

Full CISM Practice Browse All CISM Questions