New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Isaca CISM Exam - Topic 1 Question 97 Discussion

Actual exam question for Isaca's CISM exam
Question #: 97
Topic #: 1
[All CISM Questions]

Which of the following is the GREATEST concern resulting from the lack of severity criteria in incident classification?

Show Suggested Answer Hide Answer
Suggested Answer: C

The greatest concern resulting from the lack of severity criteria in incident classification is that escalation procedures will be ineffective because they rely on severity criteria to determine when and how to escalate an incident to higher levels of authority or responsibility, and what actions or resources are required for resolving an incident. Statistical reports will be incorrect is not a great concern because they do not affect the incident response process directly, but rather provide information or analysis for improvement or evaluation purposes. The service desk will be staffed incorrectly is not a great concern because it does not affect the incident response process directly, but rather affects the availability or efficiency of one of its components. Timely detection of attacks will be impossible is not a great concern because it does not depend on severity criteria, but rather on monitoring and alerting mechanisms. Reference: https://www.isaca.org/resources/isaca-journal/issues/2017/volume-5/incident-response-lessons-learned https://www.isaca.org/resources/isaca-journal/issues/2018/volume-3/incident-response-lessons-learned


by Kris at May 04, 2025, 12:23 AM

Limited Time Offer

25%

Off

Get Premium CISM Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Viva
2 months ago
Not sure about B, staffing can adapt to other factors too.
upvoted 0 times
...
Phyliss
2 months ago
Totally agree with A, it’s all about the numbers!
upvoted 0 times
...
Louvenia
3 months ago
I think C is a bigger issue, escalations need to be clear.
upvoted 0 times
...
Orville
3 months ago
D seems a bit extreme, can’t we still detect attacks?
upvoted 0 times
...
Bo
3 months ago
Definitely A, incorrect stats can mess everything up.
upvoted 0 times
...
Cary
3 months ago
Staffing the service desk incorrectly could definitely cause issues, but I wonder if it’s as severe as the problems with escalation procedures.
upvoted 0 times
...
Ronald
4 months ago
I'm a bit confused about the options, but I feel like timely detection of attacks is really important. If we can't detect them, everything else falls apart.
upvoted 0 times
...
Paris
4 months ago
I think I saw a similar question in our practice tests, and I leaned towards escalation procedures being ineffective. That seems critical.
upvoted 0 times
...
Sabine
4 months ago
I remember discussing how incorrect statistical reports could lead to poor decision-making, but I'm not sure if that's the greatest concern.
upvoted 0 times
...
Mari
4 months ago
Ah, this is the kind of question that really makes you think. I'm going to need to review the material on incident management again to make sure I choose the best answer.
upvoted 0 times
...
Lai
4 months ago
Okay, I think I've got a handle on this. The key is to identify the most significant consequence of not having clear severity criteria for incident classification.
upvoted 0 times
...
Emilio
5 months ago
Hmm, this is a tricky one. I'm not entirely sure which of these concerns is the greatest, but I'll try to reason through it step-by-step.
upvoted 0 times
...
Levi
5 months ago
This seems like a straightforward question, but I want to make sure I understand the implications of the lack of severity criteria. I'll need to carefully consider each option.
upvoted 0 times
...
Val
8 months ago
That's a valid point, without severity criteria, attacks may go unnoticed for longer.
upvoted 0 times
...
Rex
9 months ago
But what about the impact on timely detection of attacks?
upvoted 0 times
...
Benedict
9 months ago
I'm going with B. If the service desk is staffed incorrectly, the whole system is thrown off. Good luck getting anything done right!
upvoted 0 times
Jesusa
8 months ago
B) The service desk will be staffed incorrectly.
upvoted 0 times
...
Erasmo
8 months ago
A) Statistical reports will be incorrect.
upvoted 0 times
...
...
Shawn
9 months ago
I agree, incorrect statistical reports can lead to wrong decisions.
upvoted 0 times
...
Val
9 months ago
I think the lack of severity criteria will affect statistical reports.
upvoted 0 times
...
Novella
9 months ago
Hold up, are we talking about incident classification or a game of 'Guess the Severity'? I feel like I should be rolling dice right now.
upvoted 0 times
Valentin
8 months ago
C) Escalation procedures will be ineffective.
upvoted 0 times
...
Nakita
8 months ago
B) The service desk will be staffed incorrectly.
upvoted 0 times
...
Bobbye
8 months ago
A) Statistical reports will be incorrect.
upvoted 0 times
...
...
Walton
10 months ago
Wait, so we're supposed to be concerned about the lack of severity criteria? I thought that was just an excuse to skip our incident response training. Oops.
upvoted 0 times
Bonita
8 months ago
C) Escalation procedures will be ineffective.
upvoted 0 times
...
Torie
9 months ago
B) The service desk will be staffed incorrectly.
upvoted 0 times
...
Anastacia
9 months ago
A) Statistical reports will be incorrect.
upvoted 0 times
...
...
Fidelia
10 months ago
D is the way to go. Without clear severity criteria, how can we possibly detect attacks in a timely manner? This is a recipe for disaster!
upvoted 0 times
Francine
9 months ago
D) Timely detection of attacks will be impossible.
upvoted 0 times
...
Shawn
9 months ago
B) The service desk will be staffed incorrectly.
upvoted 0 times
...
Adaline
9 months ago
A) Statistical reports will be incorrect.
upvoted 0 times
...
...

Save Cancel