Isaca Updated CISM Exam Questions and Answers by bianka

 Incident management is the activity designed to handle a control failure that leads to a breach. Incident management is the process of identifying, analyzing, responding to, and learning from security incidents that may compromise the confidentiality, integrity, or availability of information assets. Incident management aims to minimize the impact of a breach, restore normal operations as quickly as possible, and prevent or reduce the likelihood of recurrence. Incident management involves several steps, such as:

Establishing an incident response team with clear roles and responsibilities

Developing and maintaining an incident response plan that defines the procedures, tools, and resources for handling incidents

Implementing detection and reporting mechanisms to identify and communicate incidents

Performing triage and analysis to assess the scope, severity, and root cause of incidents

Containing and eradicating the threat and preserving evidence for investigation and legal purposes

Recovering and restoring the affected systems and data to a secure state

Evaluating and improving the incident response process and controls based on lessons learned and best practices

References = CISM Review Manual, 16th Edition, ISACA, 2021, pages 223-232.

“An information security training program should be tailored to the specific roles and responsibilities of employees. This will help them understand how their actions affect information security and what they need to do to protect it. A generic training program that is focused on policy, business processes or recent incidents may not be relevant or effective for all employees.”