
CISM Question #373: Real Exam Question with Answer & Explanation

The correct answer is A: Service owner.

Submitted by fernanda_arg · Apr 18, 2026 · Information Security Incident Management

Question

An incident response plan is being developed for servers hosting sensitive information. In the event of a breach, who should make the decision to shut down the system?

Options

  • A. Service owner
  • B. Operations manager
  • C. Incident response team
  • D. Information security manager

Explanation

The service owner should make the decision to shut down the system because they are accountable for the criticality and availability of the service. They have the authority to balance business impact against the need to contain and mitigate the incident.

Topics

#Incident Response Plan · #Roles and Responsibilities · #Decision Making · #Service Owner
