CISA Certified Information Systems Auditor – Question0696

A new regulation requires organizations to report significant security incidents to the regulator within 24 hours of identification. Which of the following is the IS auditor's BEST recommendation to facilitate compliance with the regulation?

A.
Include the requirement in the incident management response plan.
B. Establish key performance indicators (KPIs) for timely identification of security incidents.
C. Enhance the alert functionality of the intrusion detection system (IDS).
D. Engage an external security incident response expert for incident handling.

Correct Answer: A