Certified Information Security Manager (CISM) — Question 558

The PRIMARY goal of a post-incident review should be to:

Answer options

• A. identify policy changes to prevent a recurrence.
• B. establish the cost of the incident to the business.
• C. determine why the incident occurred.
• D. determine how to improve the incident handling process.

Correct answer: D

Explanation

The primary aim of a post-incident review is to enhance the incident handling process, ensuring that future incidents are managed more effectively. While identifying policy changes, calculating costs, and understanding the reasons for the incident are important, they are secondary to the goal of improving the overall process.