Certified Information Security Manager (CISM) — Question 178
Which of the following is MOST useful to an information security manager when conducting a post-incident review of an attack?
Answer options
- A. Cost of the attack to the organization
- B. Location of the attacker
- C. Details from intrusion detection system (IDS) logs
- D. Method of operation used by the attacker
Correct answer: D
Explanation
The method of operation used by the attacker is crucial because it helps the organization understand the attacker's techniques and strategies, and that understanding can be used to strengthen defenses against future attacks. The cost of the attack, the location of the attacker, and IDS logs provide useful context, but they do not inform the security posture or preventative measures as directly as understanding the attacker's methods.