Certified Information Security Manager (CISM) — Question 738

A post-incident review identified that user error resulted in a major breach. Which of the following is MOST important to determine during the review?

Answer options

• A. The underlying reason for the user error
• B. The time and location that the breach occurred
• C. Appropriate disciplinary procedures for user error
• D. Evidence of previous incidents caused by the user

Correct answer: A

Explanation

Identifying the underlying reason for the user error is crucial as it helps to prevent future occurrences by addressing the root cause. While understanding the time and location of the breach, disciplinary measures, and past incidents are important, they do not directly contribute to preventing similar errors in the future.