Which choice below would NOT be considered a benefit of employing
incident-handling capability?

A.
An individual acting alone would not be able to subvert a security process or control.

B.
It enhances internal communications and the readiness of the organization to respond to
incidents.

C.
Security training personnel would have a better understanding of users knowledge of security
issues.

D.
It assists an organization in preventing damage from future incidents.

Explanation:
The primary benefits of employing an incident-handling capability
are containing and repairing damage from incidents and preventing
future damagE. Additional benefits related to establishing an incidenthandling
capability are:
Enhancement of the risk assessment process. An incidenthandling
capability will allow organizations to collect threat
data that may be useful in their risk assessment and safeguard
selection processes (e.g., in designing new systems). Statistics
on the numbers and types of incidents in the organization can
be used in the risk-assessment process as an indication of
vulnerabilities and threats.
Enhancement of internal communications and the readiness of
the organization to respond to any type of incident, not just
computer security incidents. Internal communications will be
improved, management will be better organized to receive
communications, and contacts within public affairs, legal staff,
law enforcement, and other groups will have been preestablished.
Security training personnel will have a better understanding of
users knowledge of security issues. Trainers can use actual
incidents to vividly illustrate the importance of computer
security. Training that is based on current threats and controls
recommended by incident-handling staff provides users with

information more specifically directed to their current needs,
thereby reducing the risks to the organization from incidents.
*Answer “An individual acting alone would not be able to subvert a security process or control” is a
benefit of employing separation of duties controls.
Source: National Institute of Standards and Technology, An Introduction
to Computer Security: The NIST Handbook Special Publication 800-12.