CISM Certified Information Security Manager – Question1459

After the occurrence of a major information security incident, which of the following will BEST help an information security manager determine corrective actions?

A.
Calculating cost of the incident
B. Conducting a postmortem assessment
C. Preserving the evidence
D. Performing am impact analysis

Correct Answer: D