Q: 9
Which of the following is MOST appropriate for an organization to consider when defining incident
classification and categorization levels?
Options
Discussion
Had something like this in a mock and impact was always the focus for incident classification schemes. D fits since severity and priority are all about how much the business is affected, not just quantity or threat.
C or D here. I was sure quantity of impacted assets (C) would be critical since more affected systems feels like it raises the level of the incident, especially for reporting. But now reading through some practice material, most emphasize impact overall (D) as the main tie-breaker. Curious what others make of C being less important.
Option D, Pretty sure you’ll see this in the official manual and some practice tests too.
Definitely D here. Impact is really the lens CISM wants for incident classification, not just assets or maturity.
C or D? I always thought number of impacted assets (C) mattered a lot for classifying the size of an incident, but most of the sample questions and CISM guides say it's really about impact to business. So D probably has the edge for "most appropriate," but C seems tempting if they were asking about scope. Anyone else see it that way?
D , impact is what sets severity levels for incidents. C can be tricky but it doesn’t determine urgency here.
A is out, D makes sense. Impact sets the priority for incident handling, which is what classification should focus on.
Not B, it's D. Impact determines how incidents get triaged and managed, not just the external threat landscape. Some people trip up on quantity of assets but that's less about severity and more about logistics.
D imo, impact drives how we prioritize and escalate incidents. The bigger the impact, the greater the urgency for response. Other factors matter too but impact is key for classification. Anyone disagree?
Be respectful. No spam.
