CISM Certified Information Security Manager – Question1434

When establishing escalation processes for an organization’s computer security incident response team, the organization’s procedures should:

A.
provide unrestricted communication channels to executive leadership to ensure direct access.
B. require events to be escalated whenever possible to ensure that management is kept informed.
C. recommend the same communication path for events to ensure consistency of communication.
D. specify step-by-step escalation paths to ensure an appropriate chain of command.

Correct Answer: D