What is the PRIMARY goal of incident handling?
A.
Successfully retrieve all evidence that can be used to prosecute
B.
Improve the company’s ability to be prepared for threats and disasters
C.
Improve the company’s disaster recovery plan
D.
Contain and repair any damage caused by an event.
Explanation:
The primary goal of incident handling is to contain, eradicate, and recovery from the incident. See step 3 below.
Note: The Incident Handling lifecycle can be divided into the following four steps:
1. Preparation
2. Detection and Analysis
3. Containment, Eradication, and Recovery
4. Post-incident Activity
Incorrect Answers:
A: Retrieving evidence to prosecute is not part of Incident Handling.
B: Preparation is part of incident handling lifecycle, but it is not the most important goal.
C: Improving the disaster recovery plan is not a goal of incident handling.Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012,
p. 331