CISA Certified Information Systems Auditor – Question1559

Over the long term, which of the following has the greatest potential to improve the security incident response process?

A.
A walkthrough review of incident response procedures
B. Postevent reviews by the incident response team
C. Ongoing security training for users
D. Documenting responses to an incident

Correct Answer: B

Explanation:

Explanation:
Postevent reviews to find the gaps and shortcomings in the actual incident response processes will help to improve the process over time. Choices A, C and D are desirable actions, but postevent reviews are the most reliable mechanism for improving security incident response processes.