A security manager observes that the organization's IT environment and external threat-intelligence feeds have shown no significant changes during the past six months. Several executives propose skipping the annual tabletop exercise and document review for the incident response plan. Which of the following is the MOST compelling reason to proceed with the scheduled review and update?
Regulatory and contractual obligations may require documented evidence of regular plan maintenance.
Skipping the review conserves budget and staff time for higher-priority projects.
Regular reviews uncover otherwise hidden weaknesses and allow the plan to be improved before an actual incident occurs.
Because the environment is static, proactive changes are unnecessary until after a major breach takes place.
An incident response plan is a living document that must adapt to evolving threats and to lessons learned during drills and audits. Even when the environment appears static, undetected weaknesses or procedural gaps can persist. Regular reviews-through tabletop exercises, simulations, and document updates-surface these weaknesses so they can be corrected before a real incident occurs. Standards such as NIST SP 800-61 recommend at least annual reviews or reviews after any significant change or exercise. Therefore, uncovering hidden weaknesses is the strongest justification. The other options are either secondary considerations, false economies, or contradict best practice.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why are tabletop exercises critical, even when no major changes are observed?
Open an interactive chat with Bash
What is NIST SP 800-61, and how does it relate to incident response?
Open an interactive chat with Bash
What are some common weaknesses uncovered during incident response plan reviews?