Which of the following incident handling process phases is responsible for defining rules, collaborating human
workforce, creating a back-up plan, and testing the plans for an organization?
A.
Preparation phase
B.
Containment phase
C.
Identification phase
D.
Recovery phase
Explanation:
There are several key elements to have implemented in preparation phase in order to help mitigate any
potential problems that may hinder one’s ability to handle an incident. For the sake of brevity, the following
should be performed:
Policy – a policy provides a written set of principles, rules, or practices within an Organization.
Response Plan/Strategy – after establishing organizational policies, now it is time to create a plan/strategy
to handle incidents. This would include the creation of a backup plan.
Communication – having a communication plan is necessary, due to the fact that it may be necessary to
contact specific individuals during an incident.
Documentation – it is extremely beneficial to stress that this element is particularly necessary and can be a
substantial life saver when it comes to incident response.
https://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901