The security officer is preparing a read-only USB stick with a document of important personal phone
numbers, vendor contacts, an MD5 program, and other tools to provide to employees. At which of the
following points in an incident should the officer instruct employees to use this information?
A.
Business Impact Analysis
B.
First Responder
C.
Damage and Loss Control
D.
Contingency Planning
Explanation:
Incident response procedures involves: Preparation; Incident identification; Escalation and notification;
Mitigation steps; Lessons learned; Reporting; Recover/reconstitution procedures; First responder;
Incident isolation (Quarantine; Device removal); Data breach; Damage and loss control. In this scenario
the security officer is carrying out an incident response measure that will address and be of benefit to
those in the vanguard, i.e. the employees and they are the first responders.
Incorrect Answers:
A: A business impact analysis (BIA) is concerned with evaluating the processes in the likelihood of a loss. A
business impact analysis is an integral part of Business continuity planning which is a management tool
that ensures that critical business functions can be performed when normal business operations are
disrupted. In this case the question refers to a process within the incident response plan being carried out
by an incident response team member.
C: Damage and loss Control is a critical, but a security officer arming employees (those in the vanguard)
with tools to mitigate risk when they encounter an incident seems more like a first responder phase in
incident response procedures.
D: Contingency planning is not normally part of an incidence response policy.Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 429, 432