ISC Exam Questions

Which choice below is NOT an accurate statement about an organization’s incident-handling capa

Which choice below is NOT an accurate statement about an organization’s incident-handling
capability?

A.
The organization’s incident-handling capability should be used to contain and repair damage done
from incidents.

B.
It should be used to prevent future damage from incidents.

C.
The organization’s incident-handling capability should be used to detect and punish senior-level
executive wrong-doing.

D.
It should be used to provide the ability to respond quickly and effectively to an incident.

Explanation:

An organization should address computer security incidents by developing an incident-handling
capability. The incident-handling capability should be used to: Provide the ability to respond quickly
and effectively. Contain and repair the damage from incidents. When left unchecked, malicious
software can significantly harm an organization’s computing, depending on the technology and its
connectivity. Containing the incident should include an assessment of whether the incident is part of
a targeted attack on the organization or an isolated incident. Prevent future damage. An incidenthandling capability should assist an organization in preventing (or at least minimizing) damage from
future incidents. Incidents can be studied internally to gain a better understanding of the
organization’s threats and vulnerabilities. Source: NIST Special Publication 800-14, Generally
Accepted Principles and Practices for Securing Information Technology Systems.