What determines the frequency of reviewing an organization's information security incident management strategy?
Correct Answer: B
Comprehensive and Detailed Explanation From Exact Extract: ISO/IEC 27035-1:2016 Clause 7.1 explicitly states that the frequency and depth of reviewing the incident management strategy should be based on the organization's size, complexity, and threat environment. Larger or more complex environments may require more frequent reviews to remain agile and responsive. Audit schedules (Option C) may influence timing, but they do not dictate the necessary frequency for strategic reviews. The number of employees (Option A) alone is not a sufficient factor. Reference: ISO/IEC 27035-1:2016 Clause 7.1: "The frequency and scope of reviews should be determined by the nature, scale, and complexity of the organization." Correct answer: B -
