Question: The PRIMARY purpose of involving third-party teams for carrying out post event reviews of information security incidents is to:
A.) enable independent and objective review of the root cause of the incidents.
B.) obtain support for enhancing the expertise of the third-party teams.
C.) identify lessons learned for further improving the information security management process.
D.) obtain better buy-in for the information security program.

Download pdf (with explanations) edition of this exam.