Certified Information Systems Auditor (CISA) — Question 1070
Which of the following is the MOST important reason for an IS auditor to examine the results of a post-incident review performed after a security incident?
Answer options
- A. To re-analyze the incident to identify any hidden backdoors planted by the attacker
- B. To evaluate the effectiveness of the network firewall against future security breaches
- C. To compare incident response metrics with industry benchmarks
- D. To evaluate the effectiveness of continuous improvement efforts
Correct answer: D
Explanation
The most important reason for the IS auditor to examine the results of the post-incident review is to assess how well the organization has implemented continuous improvement strategies to prevent similar incidents in the future. Options A, B, and C each focus on a specific aspect of the incident or on metrics, and none of them addresses the overarching goal of enhancing overall security practices through continuous improvement.