Certified Information Security Manager (CISM) — Question 233

An incident response team recently encountered an unfamiliar type of cyber event. Though the team was able to resolve the issue, it took a significant amount of time to identify. What is the BEST way to help ensure similar incidents are identified more quickly in the future?

Answer options

• A. Establish performance metrics for the team.
• B. Perform a post-incident review.
• C. Perform a threat analysis.
• D. Implement a SIEM solution.

Correct answer: B

Explanation

Performing a post-incident review is crucial because it allows the team to analyze what happened and identify gaps in their processes. This learning can lead to improved detection and response times for future incidents. The other options, while important, do not directly address the need for improving incident recognition based on past experiences.