Which choice below is NOT an accurate statement about an
organization’s incident-handling capability?
A. The organization’s incident-handling capability should be used to
   contain and repair damage done from incidents.
B. It should be used to prevent future damage from incidents.
C. The organization’s incident-handling capability should be used to
   detect and punish senior-level executive wrong-doing.
D. It should be used to provide the ability to respond quickly and
   effectively to an incident.
Explanation:
An organization should address computer security incidents by
developing an incident-handling capability. The incident-handling
capability should be used to:
- Provide the ability to respond quickly and effectively.
- Contain and repair the damage from incidents. When left
  unchecked, malicious software can significantly harm an organization’s
  computing, depending on the technology and its connectivity.
  Containing the incident should include an assessment of
  whether the incident is part of a targeted attack on the organization
  or an isolated incident.
- Prevent future damage. An incident-handling capability should
  assist an organization in preventing (or at least minimizing) damage
  from future incidents. Incidents can be studied internally to
  gain a better understanding of the organization’s threats and vulnerabilities.
Source: NIST Special Publication 800-14, Generally Accepted Principles
and Practices for Securing Information Technology Systems.