A company was recently the victim of a major attack which resulted in significant reputational loss. Joe a member of the company incident response team is
currently reviewing Standard Operating Procedures for the team in the wake of the attack. Which of the following BEST identifies the stage of incident response that
Joe is in?
A.
Reporting
B.
Lessons learned
C.
Mitigation steps
D.
Preparation
In my opinion, the question does not contain enough information to determine the state of incident response. The Standard Operating Procedures can be reviewed at any time/stage during the incident – for example, for reference on what to do or who to contact. The wording “reviewing Standard Operating Procedures … in the wake of the attack” does not provide enough information.
0
0
he’s reviewing it FOR the team. Would this not then be preparation?
0
0
The lessons learned process is used to gain value from incidents. After a major incident has been handled, the organization should hold a lessons-learned meeting to review the effectiveness of the incident handling process and identify necessary improvements to existing security controls and practices……key word is REVIEW. B is correct.
1
0