Certified Information Security Manager (CISM) — Question 948

Which of the following BEST enables an organization to enhance its incident response plan processes and procedures?

Answer options

• A. Information security audits
• B. Security risk assessments
• C. Lessons learned analysis
• D. Key performance indicators (KPIs)

Correct answer: C

Explanation

The correct answer is C, as conducting a lessons learned analysis allows organizations to review past incidents, identify what worked and what didn’t, and make necessary adjustments to improve future responses. Options A and B focus on identifying vulnerabilities and risks rather than improving response processes, while D, although useful for measuring performance, does not directly contribute to enhancing incident response procedures.