Scheduling a review with all teams to discuss what occurred allows for a comprehensive post-incident analysis and facilitates a collective understanding of the incident's causes, impact, and response effectiveness. This review involves key stakeholders from various teams involved in incident response, including technical teams, management, legal, and communication teams. By gathering input from all relevant parties, the organization can identify strengths, weaknesses, and areas for improvement in its incident response process.
I am kind of leaning with C here.
Why would you meet with ALL teams of a company to discuss what happened in an incident? In any incident, leadership knowing what happened afterward is a must.
This is coming from someone who has done IR for 2 years.
B. One of the best actions to take after the conclusion of a security incident to improve incident response in the
future is to schedule a review with all teams to discuss what occurred, what went well, what went wrong,
and what can be improved.
Correct.
The purpose of this review is to identify the root causes of the incident, evaluate the effectiveness of the incident response process, document any gaps or weaknesses in the security controls, and recommend corrective actions or preventive measures for future incidents.
upvoted 2 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
BanesTech
Highly Voted 1 month, 2 weeks agomaggie22
Most Recent 12 hours, 21 minutes agoCpt_Emerald
4 months, 3 weeks agoeapau6022
6 months, 1 week agoAlizade
7 months agokmordalv
9 months, 1 week ago