CISSP-ISSMP · Question #157
The incident response team has turned the evidence over to the forensic team. Now, it is the time to begin looking for the ways to improve the incident response process for next time. What are the typ
The correct answer is A. Information dissemination policy B. Electronic monitoring statement C. Additional personnel security controls D. Incident response plan. All four options represent valid areas for post-incident improvement: (A) Information dissemination policy - reviewing how information was shared internally and externally during the incident. (B) Electronic monitoring statement - evaluating whether monitoring capabilities were s
Question
The incident response team has turned the evidence over to the forensic team. Now, it is the time to begin looking for the ways to improve the incident response process for next time. What are the typical areas for improvement? Each correct answer represents a complete solution. Choose all that apply.
Options
- AInformation dissemination policy
- BElectronic monitoring statement
- CAdditional personnel security controls
- DIncident response plan
How the community answered
(29 responses)- A100% (29)
Explanation
All four options represent valid areas for post-incident improvement: (A) Information dissemination policy - reviewing how information was shared internally and externally during the incident. (B) Electronic monitoring statement - evaluating whether monitoring capabilities were sufficient to detect and track the incident. (C) Additional personnel security controls - identifying whether employee-related vulnerabilities (e.g., insider threats, social engineering susceptibility) contributed to the incident. (D) Incident response plan - updating the plan itself based on lessons learned from the actual event. The post-incident review (lessons-learned phase) should be comprehensive, covering technical, procedural, and human aspects.
Topics
Community Discussion
No community discussion yet for this question.