You are the information security program manager for a government agency. The agency has a highly regulated environment and is in the process of updating its incident response plan. During a tabletop exercise, it becomes clear that the detection capabilities are strong, but the response coordination between IT, legal, and public affairs is poor. This caused delays in containing a simulated ransomware attack. The existing program includes an incident response policy but no formal procedures for cross-department coordination. The agency's leadership wants quick improvement with minimal budget impact. What should you recommend?
Cost-effective and directly improves coordination.
Why this answer
The correct answer is C because creating structured coordination procedures and conducting regular joint exercises directly addresses the coordination gap at low cost. Option A (new SIEM) does not fix coordination. Option B (outsourcing) is expensive and may not align with government requirements. Option D (separate team) could be costly and does not leverage existing staff.