CERTIFIED-IN-CYBERSECURITY Question #434: Real Exam Question with Answer & Explanation

Question

Why is it a best practice to have a documented incident response plan? ()

Options

• ATo provide a clear and consistent process for handling security incidents and minimizing their
• BTo ensure that security incidents are ignored and not reported
• CTo eliminate the need for security training for employees
• DTo reduce the frequency of security audits and assessments

Explanation

A documented incident response plan is a best practice because it provides a clear and consistent process for handling security incidents. This plan outlines the steps to be taken when a security incident occurs, ensuring that the incident is effectively managed and the necessary actions are taken to mitigate the problem and minimize its impact (see ISC2 Study Guide, Chapter 5, Module 3). For example, if an organization discovers a data breach, a well- documented incident response plan would guide the response team through the steps of identifying the source of the breach, containing the breach, eradicating the threat, restoring affected systems, and conducting a post-incident review to learn from the event and prevent future occurrences. As for the remaining options, ignoring and not reporting security incidents increases the risk of a security incident rather than reducing it. While a documented plan provides guidance, it does not eliminate the need for employee security training. Finally, having a documented plan does not reduce the frequency of security audits and assessments.

No community discussion yet for this question.