Which of the following procedures is designed to enable security personnel to identify, mitigate,
and recover from malicious computer incidents, such as unauthorized access to a system or data,
denial-of-service, or unauthorized changes to system hardware, software, or data? 
A.
Cyber Incident Response Plan 
B.
Crisis Communication Plan 
C.
Disaster Recovery Plan 
D.
Occupant Emergency Plan 
Explanation:
The Cyber Incident Response Plan is used to address cyber attacks against an organization’s IT
system through various procedures. These procedures enable security personnel to identify,
mitigate, and recover from malicious computer incidents, such as denial-of-service attacks,
unauthorized accessing of a system or data, or unauthorized changes to system hardware,
software, or data.
Answer option C is incorrect. A disaster recovery plan should contain data, hardware, and
software that can be critical for a business. It should also include the plan for sudden loss such as
hard disc crash. The business should use backup and data recovery utilities to limit the loss of
data.
Answer option D is incorrect. The Occupant Emergency Plan (OEP) is used to reduce the risk to
personnel, property, and other assets while minimizing work disorders in the event of an
emergency. It is the response procedure for occupants of a facility on the occurrence of a
situation, which is posing a potential threat to the health and safety of personnel, the environment,
or property. OEPs are developed at the facility level, speci?c to the geographic site and structural
design of the building.
Answer option B is incorrect. The crisis communication plan can be broadly defined as the plan for
the exchange of information before, during, or after a crisis event. It is considered as a subspecialty of the public relations profession that is designed to protect and defend an individual,
company, or organization facing a public challenge to its reputation. The aim of crisis
communication plan is to assist organizations to achieve continuity of critical business processes
and information flows under crisis, disaster or event driven circumstances.
Cyber Incident Response Plan