Exam CISSP topic 1 question 137 discussion

benefit! only B

All answers should always point to objective of the business. Would your answer benefit the business as a Ceo?

A: Incident reporting can be part of policy, however not every reported incident is required by law enforcers as there might not be an investigation

prevent from happening again is more important than provide evidence otherwise you will provide evidence multiple times and lower the trust in your company

C. Setting aside the company's responsibilities, preventing unnecessary litigation, and investigating can also prevent future incidents from happening again

A. it is A, an Incident is different then an accident - Incident has no damage where accident has damages... all incidents must be documented per Organization set policies.

Incident reporting and crime investigation provide evidence to law enforcement. Lessons learned support preventing future occurrences, which has not been mentioned here.

I think it’s B, thinking like a manager. - Primary benefit to the organisation, B. Primary benefit to society, C

The PRIMARY benefit of incident reporting and computer crime investigations is B: "Repairing the damage and preventing future occurrences". Incident reporting helps to identify and analyze security incidents, and computer crime investigations help to determine the cause of the incident and take steps to prevent it from happening again in the future. While complying with security policy, providing evidence to law enforcement, and appointing a computer emergency response team are important, they are not the primary benefit of incident reporting and computer crime investigations. Providing evidence to law enforcement is an important benefit of incident reporting and computer crime investigations, but it is not the primary benefit because the main focus of incident reporting and computer crime investigations is to repair the damage and prevent future occurrences.

the PRIMARY benefit can be considered as C. Providing evidence to law enforcement. providing evidence to law enforcement is an important benefit of incident reporting and computer crime investigations. While repairing the damage and preventing future occurrences is also a significant benefit, the ability to provide evidence to law enforcement can contribute to the identification, apprehension, and prosecution of individuals involved in computer crimes. It helps in holding perpetrators accountable for their actions and deterring future criminal activity.

I am going with B. An incident report can be anything, like a drive that failed, or a server that crashed, etc. So that needs to be repaired. That's the benefit of an incident report, that the problem will be fixed. Only B addresses repairing a crashed server. Now the confusing part is the crime investigation, but once you figure out how it happened it can be prevented in the future. Complaining to law enforcement is often pointless bc computer crimes are hard to prosecute since they don't have a clear jurisdiction and criminals are hard to catch. So B seems pretty solid, although C is a part of the answer.

From CBK: All incidents should be investigated and remediated to restore the organization's normal operations as quickly as possible and to minimize impacts like lost productivity or revenue. Resuming normal service is the primary goal of incident management.

By conducting investigations and reporting incidents, organizations can identify the root cause of the incident and take corrective action to prevent it from happening again. Additionally, incident reporting and investigations can help organizations to improve their security posture by identifying vulnerabilities and weaknesses in their security controls.

C. Correct answer Providing evidence to law enforcement is the PRIMARY benefit of incident reporting and computer crime investigations. The primary goal of incident reporting and computer crime investigations is to collect evidence that can be used to identify and prosecute the individuals or organizations responsible for the crime. This may include identifying the methods used to gain unauthorized access, determining the extent of the damage caused, and identifying any sensitive data that may have been compromised. A. Complying with security policy is also important as it helps organizations to identify and report incidents as part of their compliance requirements and to meet the regulatory requirements. B. Repairing the damage and preventing future occurrences is a secondary goal. It can help to minimize the damage caused by the incident and prevent it from happening again in the future. D. Appointing a computer emergency response team (CERT) is an important step in incident response, CERT team can play a key role in identifying and responding to security incidents and to help organizations to recover from the incident.

Policies drives what is an incident and reportable.

C is correct. What is computer forensics? Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. reference: https://www.techtarget.com/searchsecurity/definition/computer-forensics

This is confusing question, the best answer is C.