After the occurrence of a major information security incident, which of the following will BEST help an information security manager determine corrective actions?

A. Calculating cost of the incident B. Conducting a postmortem assessment C. Preserving the evidence D. Performing am impact analysis

Correct Answer: B????? or D??????

_____________________

Note

The official answer is "D. Performing am impact analysis" (but it could also be wrong because it is not certified by ISACA) Other experts claim that the correct answer is: "B. Conducting a postmortem assessment"

Your expert opinion (and explanation) is strongly requested. Many thanks in advance.

Many thanks!