Which of the following incident response plan steps would MOST likely engaging business
professionals with the security team to discuss changes to existing procedures?
A.
Recovery
B.
Incident identification
C.
Isolation / quarantine
D.
Lessons learned
E.
Reporting
Question with a very poor grammar:
KEY CONCEPT: There are two concepts in here
The first one is ” incident response plan steps” which may lead to “changes to existing procedures”
So we have an incident, and we responded to it. As a result of said response, we then can “discuss changes to existing procedures”.
So this is a discussion which took place AFTER the incident.
The one that best fits the criteria is “lessons learned” which is an item for discussion
Recovery, Incident Identification, Isolation / quarantine and Reporting are steps /actions to be taken, but only “Lessons learned” provide the require information for discussion.
0
0