Certified Information Security Manager (CISM) — Question 372

Which of the following is MOST important to include in a post-incident review following a data breach?

Answer options

• A. An evaluation of the effectiveness of the information security strategy
• B. Documentation of regulatory reporting requirements
• C. A review of the forensics chain of custody
• D. Evaluations of the adequacy of existing controls

Correct answer: D

Explanation

The correct answer is D because evaluating the adequacy of existing controls helps identify vulnerabilities that allowed the breach to occur and informs future improvements. Options A, B, and C are important but do not directly address the effectiveness and robustness of the security measures in place that need to be analyzed to prevent future incidents.