CISM Certified Information Security Manager – Question1248

Which of the following should be the PRIMARY focus of a post-incident review following a successful response to a cybersecurity incident?

A.
Which control failures contributed to the incident
B. How incident response processes were executed
C. What attack vectors were utilized
D. When business operations were restored

Correct Answer: D