Skip to Content

ISACA CISM: what should security team do NEXT after cyberattack resulting in data loss

Question

An organization’s operations have been significantly impacted by a cyberattack resulting in data loss. Once the attack has been contained, what should the security team do NEXT?

A. Update the incident response plan.
B. Perform a root cause analysis.
C. Implement compensating controls.
D. Conduct a lessons learned exercise.

Answer

D. Conduct a lessons learned exercise.

Explanation

The correct answer is D. Conduct a lessons learned exercise. This is because a lessons learned exercise is a process of reviewing and evaluating the incident response activities, identifying the strengths and weaknesses, and documenting the findings and recommendations for improvement. A lessons learned exercise can help the security team to learn from the experience, enhance their skills and knowledge, and improve their incident response plan and procedures for future incidents.

The other options are not the next steps that the security team should do after containing the attack. Updating the incident response plan (A) is a good practice, but it should be done based on the results of the lessons learned exercise, not before. Performing a root cause analysis (B) is also important, but it should be done as part of the investigation phase, not after containing the attack. Implementing compensating controls is also beneficial, but it should be done as part of the recovery phase, not after containing the attack.

Therefore, conducting a lessons learned exercise (D) is the most appropriate next step for the security team to do after containing a cyberattack resulting in data loss.

Reference

Isaca Certified Information Security Manager CISM certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Isaca Certified Information Security Manager CISM exam and earn Isaca Certified Information Security Manager CISM certification.

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook

    Ads Blocker Image Powered by Code Help Pro

    Your Support Matters...

    We run an independent site that is committed to delivering valuable content, but it comes with its challenges. Many of our readers use ad blockers, causing our advertising revenue to decline. Unlike some websites, we have not implemented paywalls to restrict access. Your support can make a significant difference. If you find this website useful and choose to support us, it would greatly secure our future. We appreciate your help. If you are currently using an ad blocker, please consider disabling it for our site. Thank you for your understanding and support.