Certified in Risk and Information Systems Control (CRISC) — Question 767

Which of the following would BEST assist in reconstructing the sequence of events following a security incident across multiple IT systems in the organization's network?

Answer options

• A. Centralized log management
• B. Centralized vulnerability management
• C. Network monitoring infrastructure
• D. Incident management process

Correct answer: A

Explanation

Centralized log management is crucial for tracking and analyzing logs from different systems, enabling a clear reconstruction of events during a security incident. The other options, while important for security and incident response, do not provide the same level of detailed chronological data that logs offer, making them less effective for this specific purpose.