When should a post-mortem review meeting be held after an intrusion has been properly taken care of?

Notifying the appropriate parties to take action in order to determine the extent of the severity of an incident and
to remediate the incident’s effects is part of:

When two or more separate entities (usually persons) operating in concert to protect sensitive functions or
information must combine their knowledge to gain access to an asset, this is known as:

Which type of control is concerned with restoring controls?

In the course of responding to and handling an incident, you work on determining the root cause of the incident.
In which step are you in?

When referring to a computer crime investigation, which of the following would be the MOST important step
required in order to preserve and maintain a proper chain of custody of evidence:

Who is responsible for initiating corrective measures and capabilities used when there are security violations?

Another example of Computer Incident Response Team (CIRT) activities is:

The exact requirements for the admissibility of evidence vary across legal systems and between different cases
(e.g., criminal versus tort). At a more generic level, evidence should have some probative value, be relevant to
the case at hand, and meet the following criteria which are often called the five rules of evidence:

Which of the following questions is LESS likely to help in assessing controls over hardware and software
maintenance?