Certified Information Security Manager (CISM) — Question 1001

Which of the following is the MOST important outcome of a post-incident review?

Answer options

• A. The system affected by the incident is restored to its prior state.
• B. The root cause of the incident is determined.
• C. The person responsible for the incident is identified.
• D. The impact of the incident is reported to senior management.

Correct answer: B

Explanation

Determining the root cause of the incident is vital for preventing future occurrences, which is why option B is the correct answer. While restoring the system, identifying responsible individuals, and reporting impacts are important, they do not address the underlying issues that led to the incident.