
Isaca CISM Exam - Topic 6 Question 84 Discussion

Actual exam question for Isaca's CISM exam
Question #: 84
Topic #: 6

While responding to a high-profile security incident, an information security manager observed several deficiencies in the current incident response plan. When would be the BEST time to update the plan?

Suggested Answer: C

The post-incident review is the best time to update the incident response plan after observing several deficiencies in it while responding to a high-profile security incident. A post-incident review is a process of analyzing and evaluating the incident response activities, identifying the lessons learned, and documenting the recommendations and action items for improvement. Updating the incident response plan during the post-incident review helps to ensure that the plan reflects current best practices, addresses the gaps and weaknesses, and incorporates the feedback and suggestions from the incident response team and other stakeholders. Therefore, "during post-incident review" is the correct answer.


https://www.cisa.gov/sites/default/files/publications/Incident-Response-Plan-Basics_508c.pdf

https://www.techtarget.com/searchsecurity/feature/5-critical-steps-to-creating-an-effective-incident-response-plan

https://www.integrify.com/blog/posts/incident-response-plan-need-an-update/

Fannie
3 months ago
I’m not sure, can we really fix things on the fly?
upvoted 0 times
...
Beatriz
3 months ago
After a risk reassessment makes sense, but not the best time.
upvoted 0 times
...
Buddy
3 months ago
Wait, updating while responding? That sounds risky!
upvoted 0 times
...
Marshall
4 months ago
I think a tabletop exercise is a good time too.
upvoted 0 times
...
Casey
4 months ago
Definitely during post-incident review!
upvoted 0 times
...
Willow
4 months ago
I’m leaning towards after a risk reassessment, but I can’t recall if that’s the most effective timing compared to the others.
upvoted 0 times
...
Lashonda
4 months ago
I feel like responding to the incident itself could be too chaotic for making updates. Maybe post-incident is better?
upvoted 0 times
...
Eric
4 months ago
I remember a practice question that emphasized the importance of post-incident reviews. That might be the right answer here.
upvoted 0 times
...
Thora
5 months ago
I think updating the plan during a tabletop exercise makes sense, but I’m not sure if it’s the best time.
upvoted 0 times
...
Arthur
5 months ago
I'm not entirely sure about this one. I'd need to review the incident response plan and the details of the security incident to determine the best time to update it. Maybe I'll jot down a few notes and come back to this question later.
upvoted 0 times
...
Ronald
5 months ago
I'm leaning towards D - after a risk reassessment. That way, you can ensure the incident response plan aligns with the current threat landscape and organizational risks.
upvoted 0 times
...
Reed
5 months ago
Hmm, I'm a bit torn between B and C. A tabletop exercise could be a good time to test the plan and identify areas for improvement, but the post-incident review might provide more concrete insights. I'll have to think this through carefully.
upvoted 0 times
...
Annice
5 months ago
This seems like a straightforward question. I'd go with option C - during the post-incident review, when you can thoroughly analyze what went wrong and make the necessary updates.
upvoted 0 times
...
Lenna
5 months ago
I remember we discussed that business activities related to money laundering are definitely a red flag. So, B seems like a good choice.
upvoted 0 times
...
Abel
1 year ago
A - During the incident, of course! Multitasking at its finest. You can update the plan while also putting out fires. What could go wrong?
upvoted 0 times
...
Leonie
1 year ago
B! Tabletop exercises are the ideal time to test the plan and find those weaknesses. Plus, it's a lot less stressful than a real incident.
upvoted 0 times
...
Roselle
1 year ago
I'd have to go with D. Doing a full risk reassessment first will help ensure the updated plan covers all the bases. No point in rushing it.
upvoted 0 times
Rosann
1 year ago
C) During post-incident review
upvoted 0 times
...
Leigha
1 year ago
B) During a tabletop exercise
upvoted 0 times
...
Fletcher
1 year ago
A) While responding to the incident
upvoted 0 times
...
...
Vallie
1 year ago
I believe updating the plan after a risk reassessment would also be beneficial to ensure it aligns with the current threat landscape.
upvoted 0 times
...
Lucille
1 year ago
Definitely C. Trying to fix the plan while dealing with a crisis is just asking for trouble. Post-incident review is the perfect time to make those improvements.
upvoted 0 times
...
Nida
1 year ago
Updating the plan during the actual incident response? What could go wrong, right? I think C is the way to go.
upvoted 0 times
Corrinne
1 year ago
C) During post-incident review
upvoted 0 times
...
Delila
1 year ago
B) During a tabletop exercise
upvoted 0 times
...
Coral
1 year ago
A) While responding to the incident
upvoted 0 times
...
...
Johana
1 year ago
I agree with Carma. It's important to learn from the incident and make necessary improvements.
upvoted 0 times
...
Carma
1 year ago
I think the best time to update the plan is during post-incident review.
upvoted 0 times
...
