Certified Information Security Manager (CISM) — Question 706

Which of the following is MOST important to review following a security incident?

Answer options

• A. Incident response procedures
• B. Response tools and techniques
• C. Incident response plan
• D. Lessons learned

Correct answer: D

Explanation

The 'Lessons learned' from a security incident are crucial as they provide insights into what went wrong and how to improve future responses. While reviewing incident response procedures, response tools, and the incident response plan are important, they are secondary to understanding the lessons that can be derived from the incident itself.