Exam CISM topic 1 question 450 discussion

The primary objective of performing a post-incident review is to identify the root cause of the incident. Answer: D

the primary purpose of a post-incident review is indeed to identify control improvements and lessons learned, which may involve conducting a root cause analysis as part of the overall process. The focus is on identifying areas for improvement in controls, processes, and procedures to prevent similar incidents from occurring in the future and to enhance the organization's overall security posture.

A for me. D is important too, identifying the root cause helps in understanding what went wrong, but the focus of the post-incident review is on learning from the incident and making necessary adjustments to controls and procedures to mitigate future risks.

A. identify improvements

Ok, hanging my mind after further research - primary objective is to A identify control improvements as that is an objective , identifying root cause helps with that

Think there is confusion on “root cause” yes root cause is done as part of eradication , however in a post incident review “root cause” refers to understanding how the incident happened in the first placee, so Option D

It is D 100% sure!!! Similar question on official QAE 10

Option A

it's A. identty root cause is part of eradicatio phase

This is A. You want to get better to prevent this happening again, simple as that

A is correct , NOT D During incident you identify root cause at remediation step of NIST incident management .

A is correct , NOT D During incident you identify root cause at remediation step of NIST incident management .

A. identify control improvements

By identifying the root cause of the incident, the organization gains valuable insights into the fundamental issues that need to be addressed to prevent similar incidents in the future. It helps in determining the corrective actions and control improvements necessary to enhance the organization's security posture and resilience. So Option D