Which choice below would NOT be considered a benefit of employing incident-handling capability?
A.
An individual acting alone would not be able to subvert a security process or control.
B.
It enhances internal communications and the readiness of the organization to respond to
incidents.
C.
Security training personnel would have a better understanding of users knowledge of security
issues.
D.
It assists an organization in preventing damage from future incidents.
Explanation:
The primary benefits of employing an incident-handling capability are containing and repairing
damage from incidents and preventing future damagE. Additional benefits related to establishing an
incidenthandling capability are: Enhancement of the risk assessment process. An incidenthandling
capability will allow organizations to collect threat data that may be useful in their risk assessment
and safeguard selection processes (e.g., in designing new systems). Statistics on the numbers and
types of incidents in the organization can be used in the risk-assessment process as an indication of
vulnerabilities and threats. Enhancement of internal communications and the readiness of the
organization to respond to any type of incident, not just computer security incidents. Internal
communications will be improved, management will be better organized to receive communications,
and contacts within public affairs, legal staff, law enforcement, and other groups will have been
preestablished. Security training personnel will have a better understanding of users knowledge of
security issues. Trainers can use actual incidents to vividly illustrate the importance of computer
security. Training that is based on current threats and controls recommended by incident-handling
staff provides users with information more specifically directed to their current needs, thereby
reducing the risks to the organization from incidents. *Answer “An individual acting alone would not
be able to subvert a security process or control” is a benefit of employing separation of duties
controls. Source: National Institute of Standards and Technology, An Introduction to Computer
Security: The NIST Handbook Special Publication 800-12.