Certified Information Security Manager (CISM) — Question 938

Which of the following is MOST important to include in a post-incident report?

Answer options

• A. Forensic analysis results
• B. List of potentially compromised assets
• C. Root cause analysis
• D. Service level agreements (SLAs)

Correct answer: C

Explanation

Including a root cause analysis is crucial as it identifies the underlying reasons for the incident, helping to prevent future occurrences. While forensic analysis results and a list of compromised assets are important, they serve more as supporting details rather than addressing the fundamental issue. Service level agreements (SLAs) are not relevant to understanding the cause of the incident.