Over the long term, which of the following has the greatest potential to improve the security
incident response process?

A.
A walkthrough review of incident response procedures

B.
Postevent reviews by the incident response team

C.
Ongoing security training for users

D.
Documenting responses to an incident

Explanation:
Postevent reviews to find the gaps and shortcomings in the actual incident response processes will
help to improve the process over time. Choices A, C and D are desirable actions, but postevent
reviews are the most reliable mechanism for improving security incident response processes.