Certified Information Security Manager (CISM) — Question 867

Which of the following processes BEST supports the evaluation of incident response effectiveness?

Answer options

• A. Post-incident review
• B. Chain of custody
• C. Incident logging
• D. Root cause analysis

Correct answer: A

Explanation

The Post-incident review is essential for analyzing the effectiveness of the incident response, allowing teams to identify strengths and weaknesses. Chain of custody pertains to evidence handling, Incident logging focuses on recording events, and Root cause analysis is used to determine the underlying cause, but none of these processes specifically evaluate overall response effectiveness like a post-incident review does.