🔥 3-day streak
ISACA CISM — Certified Information Security Manager23 / 121
Question 23 of 121

A newly appointed information security manager discovers that during a recent ransomware incident, no one initiated the containment decision because staff assumed the IT operations team, the legal department, and the CISO each held that authority. Post-incident review shows overlapping and undocumented responsibilities across several security processes. Which action will BEST prevent this type of failure in the future?

Reviewed for accuracy · Report an issueNext question