210-255 · Question #72
Which of the following is one of the main goals of the CSIRT?
The correct answer is C. To minimize and control the damage associated with incidents, provide guidance for mitigation,. The primary mission of a CSIRT is incident response - specifically minimizing damage from security incidents and guiding recovery and mitigation efforts.
Question
Which of the following is one of the main goals of the CSIRT?
Options
- ATo configure the organization's firewalls
- BTo monitor the organization's IPS devices
- CTo minimize and control the damage associated with incidents, provide guidance for mitigation,
- DTo hire security professionals who will be part of the InfoSec team of the organization.
How the community answered
(37 responses)- A3% (1)
- C95% (35)
- D3% (1)
Why each option
The primary mission of a CSIRT is incident response - specifically minimizing damage from security incidents and guiding recovery and mitigation efforts.
Configuring firewalls is a network or security administration function performed by security engineers, not a CSIRT responsibility.
Monitoring IPS devices is a continuous operational task belonging to a Security Operations Center (SOC), not an incident response team.
A CSIRT (Computer Security Incident Response Team) is chartered to respond to security incidents by containing and minimizing damage, coordinating response activities, and providing mitigation guidance to affected parties. These goals are distinct from day-to-day operational security tasks and focus on reducing business impact when incidents occur.
Hiring security professionals is an HR and management function, not a core goal or responsibility of a CSIRT.
Concept tested: CSIRT primary mission and goals
Source: https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final
Topics
Community Discussion
No community discussion yet for this question.