Which of the following BEST identifies the stage of inc…

A company was recently the victim of a major attack which resulted in significant reputational loss. Joe a member of the company incident response team is
currently reviewing Standard Operating Procedures for the team in the wake of the attack. Which of the following BEST identifies the stage of incident response that
Joe is in?

A company was recently the victim of a major attack which resulted in significant reputational loss. Joe a member of the company incident response team is
currently reviewing Standard Operating Procedures for the team in the wake of the attack. Which of the following BEST identifies the stage of incident response that
Joe is in?

A.
Reporting

B.
Lessons learned

C.
Mitigation steps

D.
Preparation

Show Hint

Leave a Reply to DaveyBoy Cancel reply3

Your email address will not be published. Required fields are marked *

2 + nineteen =

ikam

ikam

In my opinion, the question does not contain enough information to determine the state of incident response. The Standard Operating Procedures can be reviewed at any time/stage during the incident – for example, for reference on what to do or who to contact. The wording “reviewing Standard Operating Procedures … in the wake of the attack” does not provide enough information.

Reply

DaveyBoy

DaveyBoy

he’s reviewing it FOR the team. Would this not then be preparation?

Reply

aikman

aikman

The lessons learned process is used to gain value from incidents. After a major incident has been handled, the organization should hold a lessons-learned meeting to review the effectiveness of the incident handling process and identify necessary improvements to existing security controls and practices……key word is REVIEW. B is correct.

Reply