Incident response is one of the major organizational capabilities. As an information security manager, you are developing the incident management plan for incident response. Which of the following is the least concern?
A. Computer forensics
B. Call tree
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is D. Relocation.
Relocation is addressed by the Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP). The DRP addresses the technical aspects of relocation, such as data centers, network connections, information systems, and so forth.
Disaster notification or activation of the DRP can be treated as part of the incident escalation procedure, but relocation itself is not a concern of incident response planning.
As an information security manager, you are developing the incident management plan for incident response. The incident management plan should consider the following issues:
- Incident response team or organization that includes roles with skills such as system administration, network administration, programming, technical support, intrusion detection, malware analysis, or forensics.
- Communication with external stakeholders, such as the media, law enforcement, CSIRTs, ISACs, ISPs, vendors, and so forth. It is beneficial to designate a single point of contact (POC) and at least one backup contact. Designating a spokesperson in charge of communication with the media is a good practice.
- Incident reporting and escalation procedures and communication with internal stakeholders. A call tree is the communication channel of the incident response organization. Incident reporting and escalation rely on the call tree to reach stakeholders who respond to incidents. The call tree should account for primary and alternate contact methods and should define the procedure to follow if an individual cannot be contacted.
- NIST SP 800-61 R2 (Computer Security Incident Handling Guide Recommendations)
- Stages of Incident Response
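The call tree described above, with primary and alternate contact methods, a backup person per role, and an explicit record of who could not be reached, as an added example that is not part of the original post; the role names, contact methods and the drill outcome are all constructed:

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple
@dataclass
class Contact:
    name: str
    methods: List[str]                   # primary contact method first, then alternates
    backup: Optional[str] = None         # deputy tried when every method fails
    notifies: List[str] = field(default_factory=list)  # roles this person calls next
def reach_role(tree: Dict[str, Contact], role: str, reach, log: List[str],
               status: Dict[str, bool]) -> Optional[str]:
    """Try every method for `role`, then its backup chain; return who answered or None."""
    current = role
    while current:
        if current in status:                       # already tried in this activation
            return current if status[current] else None
        for method in tree[current].methods:
            if reach(current, method):              # reach(name, method) -> answered?
                status[current] = True
                log.append(f"{current} reached via {method}")
                return current
        status[current] = False
        log.append(f"{current} unreachable on all methods; trying backup {tree[current].backup}")
        current = tree[current].backup
    return None
def activate(tree: Dict[str, Contact], root: str, reach) -> Tuple[Dict[str, Optional[str]], List[str]]:
    """Breadth-first activation: coverage[role] = person who took that role's calls, or None."""
    coverage, log, status = {}, [], {}
    queue = [root]
    while queue:
        role = queue.pop(0)
        who = reach_role(tree, role, reach, log, status)
        coverage[role] = who
        if who is None:                             # documented gap: plan owner picks up this branch
            log.append(f"GAP: {role} and its backups are silent; escalate to plan owner")
        queue.extend(tree[role].notifies)           # the branch below still gets notified
    return coverage, log
# Constructed sample tree and drill; SILENT lists (name, method) pairs that do not answer.
CALL_TREE = {
    "ISM": Contact("ISM", ["mobile"], notifies=["IR Lead", "PR"]),
    "IR Lead": Contact("IR Lead", ["desk", "mobile"], backup="IR Deputy", notifies=["SysAdmin", "NetAdmin"]),
    "IR Deputy": Contact("IR Deputy", ["mobile"]),
    "PR": Contact("PR", ["desk", "mobile"]),
    "SysAdmin": Contact("SysAdmin", ["pager", "mobile"]),
    "NetAdmin": Contact("NetAdmin", ["desk"]),      # no alternate method and no backup
}
SILENT = {("IR Lead", "desk"), ("IR Lead", "mobile"), ("SysAdmin", "pager"), ("NetAdmin", "desk")}
def run_drill() -> Tuple[Dict[str, Optional[str]], List[str]]:
    return activate(CALL_TREE, "ISM", lambda name, method: (name, method) not in SILENT)
```

Running the drill shows the deputy taking over the IR Lead's branch and NetAdmin surfacing as a gap in the plan, which is the kind of finding a tabletop exercise of the call tree is meant to produce.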
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and informative reference for security professionals.
- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get their copy from the author’s web site.