Certified Information Security Manager (CISM) — Question 857

Which of the following is the PRIMARY reason to conduct a post-incident review?

Answer options

• A. To determine whether digital evidence is admissible
• B. To notify regulatory authorities
• C. To improve the response process
• D. To aid in future risk assessments

Correct answer:

Explanation

The correct answer is C, as the primary objective of a post-incident review is to analyze and enhance the response process based on the lessons learned. Options A and B focus on specific legal and regulatory aspects, which are not the main focus of a post-incident review, while D pertains to future planning rather than immediate improvements.