Certified Information Security Manager (CISM) — Question 920

Which of the following would be the MOST effective use of findings from a post-incident review?

Answer options

• A. Providing input for updates to the incident response plan
• B. Developing cost reports regarding the incident
• C. Providing justification for an increase in the incident response plan budget
• D. Incorporating the results into information security awareness training materials

Correct answer: A

Explanation

The correct answer, A, is appropriate because the insights from a post-incident review can directly improve the incident response plan by addressing gaps and enhancing procedures. Options B and C focus on financial aspects which, while important, do not directly contribute to improving response strategies. Option D, while beneficial for training, does not utilize the findings to improve the incident response plan itself.