The PRIMARY purpose of involving third-party teams for carrying out post event reviews of
information security incidents is to:

A.
enable independent and objective review of the root cause of the incidents.

B.
obtain support for enhancing the expertise of the third-party teams.

C.
identify lessons learned for further improving the information security management process.

D.
obtain better buy-in for the information security program.

Explanation:

It is always desirable to avoid the conflict of interest involved in having the information security
team carries out the post event review. Obtaining support for enhancing the expertise of the thirdparty teams is one of the advantages, but is not the primary driver. Identifying lessons learned for
further improving the information security management process is the general purpose of carrying
out the post event review. Obtaining better buy-in for the information security program is not a
valid reason for involving third-party teams.