Exam CISM topic 1 question 264 discussion

B While implementing compensating controls (option C) is important, it typically comes after understanding the root cause of the incident. How can we implement a control unless we find out the root cause/vulnerabilities etc.

B. Perform a root cause analysis: It's crucial to understand how the cyberattack occurred in the first place. A root cause analysis helps identify the vulnerabilities or weaknesses in the organization's security posture that allowed the attack to happen. This analysis informs future security improvements and helps prevent similar incidents in the future.

You need to find the root cause before lessons learned. Answer is B

Actually Answer could be C. Your next step should be eradicate. Root cause analysis is performed post incidence fix same with lesson learned. In exam i will select C

I was wrong. Answer is B. Containment is when you isolate a system to stop it from affecting or connecting to network. In this stage, the incidence hasn;t been mitigated, therefore leason learned is not valid. You need Root Cause analysis to determin what the issue is then fix/mitigate it. Answer is B. Sorry for selecting C. Admin please delete my selection.

After incidence should be lessoned leaned. You would have performed root cause analysis to know how to solve and mitigate the issue. Answer id D

Why not D, isn't root cause analysis done in conjunction with lessons learned?

B. Perform a root cause analysis: It's crucial to understand how the cyberattack occurred in the first place. A root cause analysis helps identify the vulnerabilities or weaknesses in the organization's security posture that allowed the attack to happen. This analysis informs future security improvements and helps prevent similar incidents in the future.

B. Perform a root cause analysis.