nerdexam
(ISC)2

CISSP-ISSMP · Question #157

The incident response team has turned the evidence over to the forensic team. Now, it is the time to begin looking for the ways to improve the incident response process for next time. What are the typ

The correct answer is A. Information dissemination policy B. Electronic monitoring statement C. Additional personnel security controls D. Incident response plan. All four options represent valid areas for post-incident improvement: (A) Information dissemination policy - reviewing how information was shared internally and externally during the incident. (B) Electronic monitoring statement - evaluating whether monitoring capabilities were s

Security Operations Management

Question

The incident response team has turned the evidence over to the forensic team. Now, it is the time to begin looking for the ways to improve the incident response process for next time. What are the typical areas for improvement? Each correct answer represents a complete solution. Choose all that apply.

Options

  • AInformation dissemination policy
  • BElectronic monitoring statement
  • CAdditional personnel security controls
  • DIncident response plan

How the community answered

(29 responses)
  • A
    100% (29)

Explanation

All four options represent valid areas for post-incident improvement: (A) Information dissemination policy - reviewing how information was shared internally and externally during the incident. (B) Electronic monitoring statement - evaluating whether monitoring capabilities were sufficient to detect and track the incident. (C) Additional personnel security controls - identifying whether employee-related vulnerabilities (e.g., insider threats, social engineering susceptibility) contributed to the incident. (D) Incident response plan - updating the plan itself based on lessons learned from the actual event. The post-incident review (lessons-learned phase) should be comprehensive, covering technical, procedural, and human aspects.

Topics

#Incident Response Process#Post-Incident Review#Continuous Improvement#Security Operations Management

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSMP Practice