Which of the following is most likely to be used as a just-in-time reference document within a security operations center?

A change management policy outlines the processes and guidelines for managing changes within an organization’s IT environment. While important for governance and compliance, it is not designed for immediate reference during active incident response, making it less suitable for a just-in-time reference in a SOC.

A risk profile assesses potential threats and vulnerabilities to an organization, detailing the likelihood and impact of various risks. Although foundational for overall security strategy, it is generally not used in real-time scenarios where immediate actions are required. Its analytical nature does not lend itself to quick reference during incidents.

A Security Information and Event Management (SIEM) profile provides insights into security events and logs but is primarily analytical and operational in nature. While useful for monitoring and analysis, it does not offer the direct, actionable guidance needed for immediate incident response like a playbook does.