CISM Certified Information Security Manager – Question1322

Which of the following is the MOST important reason to document information security incidents that are reported across the organization?

A.
Identify unmitigated risk
B. Prevent incident recurrence
C. Evaluate the security posture of the organization
D. Support business investments in security

Correct Answer: B