Isaca Certified Information Systems Auditor CISA Question # 51 Topic 6 Discussion
CISA Exam Topic 6 Question 51 Discussion:
Question #: 51
Topic #: 6
Which of the following is the MOST important reason for an IS auditor to examine the results of a post-incident review performed after a security incident?
A.
To evaluate the effectiveness of continuous improvement efforts
B.
To compare incident response metrics with industry benchmarks
C.
To re-analyze the incident to identify any hidden backdoors planted by the attacker
D.
To evaluate the effectiveness of the network firewall against future security breaches
A post-incident review (PIR) is a process to review the incident information from occurrence to closure and to identify potential findings and recommendations for improvement1. The most important reason for an IS auditor to examine the results of a PIR is to evaluate the effectiveness of continuous improvement efforts and to ensure that the lessons learned from the incident are implemented and followed up2. A PIR can help an organization to eliminate or reduce the risk of the incident to re-occur, improve the initial incident detection time, identify improvements needed to diagnose and repair the incident, and update the incident management best practices1. Therefore, a PIR is a valuable source of information for an IS auditor to assess the maturity and performance of the organization’s incident management process.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit