The PRIMARY purpose of involving third-party teams for carrying out post event reviews of information security incidents is to:
A . enable independent and objective review of the root cause of the incidents.
B . obtain support for enhancing the expertise of the third-party teams.
C . identify lessons learned for further improving the information security management process.
D . obtain better buy-in for the information security program.
Answer: A
Explanation:
It is always desirable to avoid the conflict of interest involved in having the information security team carries out the post event review. Obtaining support for enhancing the expertise of the third-party teams is one of the advantages, but is not the primary driver. Identifying lessons learned for further improving the information security management process is the general purpose of carrying out the post event review. Obtaining better
buy-in for the information security program is not a valid reason for involving third-party teams.