Certified Information Security Manager (CISM) — Question 1248

Which of the following is the FIRST step when conducting a post-incident review?

Answer options

• A. Identify mitigating controls.
• B. Assess the costs of the incident.
• C. Perform root cause analysis.
• D. Assign responsibility for corrective actions.

Correct answer: C

Explanation

The first step in a post-incident review is to perform root cause analysis, as it helps identify the underlying reasons for the incident. This analysis is crucial before taking other actions like assessing costs or assigning responsibilities, which depend on understanding the root cause.