Exam CISM topic 1 question 605 discussion

After eradication it is looking for the root cause.

the question asked. Which of the following is MOST important to determine following the discovery and eradication of a malware attack. TO DETERMINE, the discovery and eradication of a malware attack (may be tomorrow). Since this is not happening, I will never know which the exact entry path is (assumption would be possible), so the key point is how fast i can detect the malware and what tool/method is to be used to detect the malware. anyway, in the exam, I would go with B.Just to pass. Disagreed to many CISM Exam questions/answers. Not practical in real life at all.

Malware path is the most important Agree to Answer B

Why would you go back to determining the method of detection of malware after the malware has been detected and eradicated? This could be done as part of root cause analysis to improve detection methods and prevent similar incidents from occurring in future. After discovery and eradication of malware, to recover systems and ensure that it is safe to return them to production, it is important to ensure that all vulnerabilities have been addressed and the systems are not subject to the same attack again This requires you to understand the threat vector, i.e., entry path of malware. Finding out the creator is not as important. The type of malware can be important, but not as important as making sure that all the holes in the boat are first identified and closed. Afterall, you do not want to drown trying to understand the shape and source of the holes. Answer: B

B. The malware entry path

it's gotta be B. - entry path, otherwise you will continue to get compromised.

What Manzer said