While responding to a high-profile security incident, an information security manager observed several deficiencies in the current incident response plan. When would be the BEST time to update the plan?
My answer is B. Not sure why the correct answer is C? Option C is primarily designed for training and testing, rather than immediate plan updates during a real high-profile security incident.
B seems to be the best answer although, "during" post-incident review has me hung up a bit. It should be right after a post-incident review. During the post-incident review is providing you valuable information that will feed into updating the incident response plan.
During the post incident review, lessons learned and recommendations for improvements are analyzed and documented. Updating processes and plans is not done at this stage.
It is during the Planning & Preparation phase, that the recommendations from PIR are evaluated and implemented. Tabletop exercises could be a perfect opportunity to test the recommendations and update accordingly.
D. After a risk reassessment
Updating the incident response plan after a risk reassessment allows you to incorporate the lessons learned from the high-profile security incident and ensure that the plan is better aligned with the current threat landscape and organizational priorities. This approach allows for a more informed and proactive response to future incidents, taking into account any deficiencies and vulnerabilities identified during the incident response process.
ChatGPT says B, not D.
oluch.. has as much a right as any of us to post his responses, both right and wrong. So long as his comments not personal and are sticking to the guidelines......I'll just say thank you, oluch and good luck with your CISM.
And no, I am not looking for a fight....just wanted to support all participants who are here to learn.
B as it says that there is currently an ongoing incident within which they have noticed issues. It is best to address them as soon as possible and that is during the post-incident review.
During post-incident review. This is typically the best time to update the plan because the team can reflect on what went well and what did not, and make necessary changes based on lessons learned.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Booict
3 months, 3 weeks agoenk
11 months, 2 weeks agorichck102
1 year, 1 month agoCISSPST
1 year, 1 month agooluchecpoint
1 year, 2 months agoAaronS1990
1 year, 2 months agoCISSPST
1 year, 1 month agoAaronS1990
1 year, 2 months agoEwunia
1 year, 3 months agoenojado
1 year, 3 months agoAidanSun
1 year, 3 months ago