Certified Information Security Manager (CISM) — Question 594

Which of the following is the MAJOR advantage of conducting a post-incident review? The review:

Answer options

• A. helps develop business cases for security monitoring tools
• B. provides continuous process improvement
• C. facilitates reporting on actions taken during the incident process
• D. helps identify current and desired level of risk

Correct answer: B

Explanation

The correct answer is B, as a post-incident review is aimed at identifying areas for continuous improvement in processes based on lessons learned. Option A focuses on business cases which is not the main goal of the review, C is about documentation rather than improvement, and D pertains to risk assessment which is not the primary focus of the review.