Exam CISM topic 1 question 60 discussion

D. Perform post-incident reviews. The BEST way to enhance training for incident response teams is to perform post-incident reviews. Post-incident reviews, also known as after-action reviews or lessons learned sessions, involve analyzing and evaluating the response to an incident once it has been resolved. This process allows the incident response team to reflect on their actions, identify strengths and weaknesses, and gather valuable insights for improving their performance in future incidents.

This is very close between C and D. Your answer pretty much comes down to how you interpret the question. Personally I like D as so as ISACA love to emphasise the importance of using post-incident reviews/lessons learned to make improvements.

no better training than real scenarios

emergency training (similar to fire drills), will help keep every stakeholder alert

read the question, "enhance training ". D has to do with actual steps in the IR process not training. C deals with training.

Real-world learning - not simulated

Performing post-incident reviews, also known as after-action reviews or lessons learned sessions, allows incident response teams to analyze the effectiveness of their response to real incidents. By examining what worked well, identifying areas for improvement, and applying lessons learned, teams can enhance their training and preparedness for future incidents. This iterative process helps teams continually refine their skills and response capabilities. While options like conducting interviews with organizational units (option A), establishing incident key performance indicators (KPIs) (option B), and participating in emergency response activities (option C) are valuable activities, post-incident reviews provide a specific and focused mechanism for learning from real-world experiences and improving incident response training.

D. While the other options (A, B, and C) can be valuable components of training and preparedness, post-incident reviews play a crucial role in ongoing improvement and are the best way to enhance the effectiveness of incident response teams.

For me it's D. Emergency response activities may not be performed very well. Therefore, always post incident reviews will tackle the problems occurred during the response activities and train the response team to not repeat the same mistakes in future activities.

D. If you don't know the areas where you're lacking you can't enhance the training, so participating in post evaluation activities will identity areas to train on.

C. Participate in emergency response activities.

Emergency response activities provide a realistic and practical training environment for incident response teams to practice and develop their skills. These activities simulate real-world incidents and allow teams to respond and handle them in a controlled setting. Participating in these activities can help incident response teams to identify any weaknesses or gaps in their response plans and procedures and to improve their response capabilities.

Training is not equal to experience gained. When then participate in response activities they are in the process or gaining experience. When they do lessons learned they improve their knowledge. correct answers is D.

Participating in emergency response activities is the best way to enhance training for incident response teams because it provides hands-on, real-world experience in responding to incidents. This type of training allows the team to practice their incident response procedures and develop the necessary skills to effectively respond to incidents. This helps to increase their confidence and competence in the incident response process and can lead to improved performance and a more effective response when a real incident occurs. Additionally, participating in emergency response activities allows the team to identify and address any gaps or weaknesses in their incident response procedures, which can then be corrected before a real incident occurs.

Seems putting someone in the response activities would be a better practise then post incident review

C & D are ok

C. Is anyone else with me on this one? Post-Incident-Response is *primarily* for improving processes based on what was observed/learned. Identifying *corrective actions* is primary purpose for post incident response. Although I am sure it can help to identify improvements to training, I feel like C is the better option for that.