Certified Information Security Manager (CISM) — Question 792
Which of the following should be given the HIGHEST priority during an information security post-incident review?
Answer options
- A. Evaluating incident response effectiveness
- B. Documenting actions taken in sufficient detail
- C. Evaluating the performance of incident response team members
- D. Updating key risk indicators (KRIs)
Correct answer: A
Explanation
Evaluating incident response effectiveness is crucial because it identifies what worked well and what needs improvement, which directly affects future readiness. Documenting actions and assessing team performance are important, but they are supporting activities for the primary goal of enhancing response strategies. Updating KRIs is beneficial but comes after understanding the efficiency of the incident response.