Certified Information Security Manager (CISM) — Question 720
Which of the following is the MOST important reason to document information security incidents that are reported across the organization?
Answer options
- A. Support business investments in security.
- B. Evaluate the security posture of the organization.
- C. Identify unmitigated risk.
- D. Prevent incident recurrence.
Correct answer: D
Explanation
The most important reason to document information security incidents is to prevent them from recurring, which is why D is correct. Supporting business investments, evaluating the security posture, and identifying unmitigated risk are important, but they are secondary to the overall goal of incident prevention.