Certified Information Security Manager (CISM) — Question 595

What would be the MAIN purpose of an immediate post-incident review after a comprehensive test of the incident response plan?

Answer options

• A. To reduce costs associated with incident response efforts
• B. To determine ways to improve incident response plan processes
• C. To document weaknesses for the next incident response plan test
• D. To revalidate incident response plan activities

Correct answer: B

Explanation

The correct answer is B because the main objective of an immediate post-incident review is to evaluate and enhance the processes outlined in the incident response plan. Options A, C, and D, while relevant, do not capture the primary intent of seeking improvements in the response processes.