ISACA CISM: PRIMARY goal of a post-incident review should be to?

Question

The PRIMARY goal of a post-incident review should be to:

A. identify policy changes to prevent a recurrence.
B. establish the cost of the incident to the business.
C. determine why the incident occurred.
D. determine how to improve the incident handling process.

Answer

D. determine how to improve the incident handling process.

Explanation

The PRIMARY goal of a post-incident review should be:

D. determine how to improve the incident handling process.

Explanation:

A post-incident review, also known as a post-mortem or lessons learned session, is conducted after an incident or security breach has occurred. Its primary objective is to improve the organization’s incident handling process and enhance its overall security posture. Here’s a comprehensive explanation of each option:

A. identify policy changes to prevent a recurrence: While identifying policy changes is an important aspect of a post-incident review, it is not the primary goal. Policy changes are just one component of the broader objective of improving the incident handling process. The review should encompass various aspects beyond policy changes, such as technical controls, response procedures, and staff training.

B. establish the cost of the incident to the business: While understanding the cost of an incident is valuable for financial and business impact analysis, it is not the primary goal of a post-incident review. The focus should be on identifying improvements in the incident handling process and security practices rather than solely assessing the financial impact.

C. determine why the incident occurred: Determining why the incident occurred is an essential part of the post-incident review, but it is not the primary goal. The primary goal is to improve the incident handling process rather than solely investigating the root cause of the incident. The review should encompass a broader analysis of response actions, communication, coordination, and other factors that contribute to effective incident management.

D. determine how to improve the incident handling process: This is the correct answer. The primary goal of a post-incident review is to identify areas for improvement in the incident handling process. The focus is on evaluating the effectiveness of incident response procedures, technical controls, communication channels, coordination among teams, documentation, and any other relevant aspects. The review aims to learn from the incident and implement enhancements to prevent future incidents or respond more effectively if they occur.

In summary, while all the options may have some relevance to a post-incident review, the primary goal is to determine how to improve the incident handling process. It involves a comprehensive evaluation of incident response procedures, coordination, technical controls, and other factors to enhance the organization’s ability to detect, respond to, and recover from security incidents.

Reference

• What are post-incident reviews? | Jira Service Management Cloud | Atlassian Support
• Post-incident review best practices | Jira Service Management Cloud | Atlassian Support
• Post Incident Review – Incident Management Process
• CISM Certification | Certified Information Security Manager | ISACA
• CISM Exam Content Outline | CISM Certification | ISACA
• Earn a CISM Certification | ISACA

Isaca Certified Information Security Manager CISM certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Isaca Certified Information Security Manager CISM exam and earn Isaca Certified Information Security Manager CISM certification.