Isaca Updated CISM Exam Questions and Answers by maira

The best automated control to resolve the issue of security incidents not being appropriately escalated by the help desk is to integrate incident response workflow into the help desk ticketing system. This will ensure that the help desk staff follow the predefined steps and procedures for handling and escalating security incidents, based on the severity, impact, and urgency of each incident. The incident response workflow will also provide clear guidance on who to notify, when to notify, and how to notify the relevant stakeholders and authorities. This will improve the efficiency, effectiveness, and consistency of the incident response process.

References = CISM Review Manual, 16th Edition, page 2901; A Practical Approach to Incident Management Escalation2

The ultimate goal of an anti-phishing campaign is to reduce the risk and impact of phishing attacks on the organization. Therefore, the most relevant and reliable indicator of the effectiveness of an anti-phishing campaign is the decreased number of incidents that have occurred as a result of phishing. This metric shows how well the employees have learned to recognize and report phishing emails, and how well the security controls have prevented or mitigated the damage caused by phishing.

References = Five Ways to Achieve a Successful Anti-Phishing Campaign; Don’t click: towards an effective anti-phishing training. A comparative literature review; CISA, NSA, FBI, MS-ISAC Publish Guide on Preventing Phishing Intrusions

Computer forensics involves analyzing systems to reconstruct activities and identify what changes or breaches have occurred. It provides a detailed understanding of the sequence of events during an incident.

“Computer forensics provides a detailed, legally defensible analysis of system activities to reconstruct the incident and identify root causes.”

— CISM Review Manual 15th Edition, Chapter 4: Incident Management, Section: Forensics and Investigations*

ISACA practice questions note that computer forensics is key for reconstructing incident activities.