Certified Information Security Manager (CISM) — Question 678
An organization has decided to conduct a postmortem analysis after experiencing a loss from an information security attack. The PRIMARY purpose of this analysis should be to:
Answer options
- A. evaluate the impact.
- B. prepare for criminal prosecution.
- C. document lessons learned.
- D. update information security policies.
Correct answer: C
Explanation
The primary goal of a postmortem analysis is to document lessons learned, which helps organizations improve their security posture. Evaluating the impact, preparing for prosecution, and updating policies are all important, but the most critical outcome of the analysis is to capture insights that can prevent future incidents.