Effective CISSP Questions

Your organization instructs employees to work from home to mitigate the impact of the pandemic of COVID-19. However, some jobs require third-party contractors to work on site. To avoid cluster infection, every contracted individual must report potential contact with confirmed cases whenever possible. Which of the following is the best document that provides the procedure? (Wentz QOTD)
A. Service level agreement
B. Business continuity plan
C. Incident management plan
D. Security awareness and training plan

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Incident management plan.

[Figure: Incident Response Process]

The incident management plan is part of the business continuity master plan. It typically addresses detecting, reporting, assessing, recording, and resolving incidents that may affect service levels or disrupt the delivery of products and services. Reporting potential contact with a confirmed case fits the detection or reporting step of the incident response (or incident management) procedure.

Potential contact with a confirmed case is not yet an incident, let alone a disruption to the delivery of products and services, so the business continuity plan is not the best place to define this reporting procedure.

Incident Management Plan

Incident management is the “defined process for logging, recording and resolving incidents.” (ITIL 2001) When it comes to information security, incident management is a “set of processes for detecting, reporting, assessing, responding to, dealing with, and learning from information security incidents.” (ISO/IEC 27000:2018)

Business Continuity Plan

The business continuity plan is “documented information that guides an organization to respond to a disruption and resume, recover and restore the delivery of products and services consistent with its business continuity objectives.” (ISO 22300:2021)

Service Level Agreement (SLA)

A service level agreement (SLA) is the “documented agreement between a service provider and a customer that identifies services and service targets. A service level agreement can be included in a contract or another type of documented agreement.” (ISO/IEC TR 20000-10:2015)

The SLA between your organization and the external service provider primarily describes the services the provider delivers and the service targets it commits to; it typically does not specify operational procedures such as how a contractor reports a potential exposure.

Security awareness and training plan

Security awareness and training sessions or materials may introduce the incident reporting or response procedures, but the plan itself does not define those procedures; it only schedules and scopes the training that communicates them.



My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

Your organization instructs employees to work from home to mitigate the impact of the COVID-19 pandemic. However, some jobs require third-party contractors to work on site. To avoid cluster infection, every contracted individual must report potential contact with confirmed cases whenever possible. Which of the following is the best document that provides this procedure? (Wentz QOTD)
A. Service level agreement
B. Business continuity plan
C. Incident management plan
D. Security awareness and training plan
