Your organization suffers a ransomware attack, and the attacker threatens to publish confidential customer data unless a ransom is paid. The incident has been escalated to a problem. Which of the following is least likely to happen next? (Wentz QOTD)
A. Restore files
B. Perform forensics investigation
C. Validate if the incident is genuine
D. Conduct security awareness training
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. Validate if the incident is genuine.
An incident needs a workaround to contain it and restore the service level, while a problem needs a solution to eradicate it and prevent it from recurring. When an incident is escalated to a problem, it means the incident has been validated as genuine and requires more in-depth study to identify the root cause and work out a solution.
Since the ransomware attack has been escalated to a problem, the incident is implied to be genuine, and we don’t have to validate it again. Performing a forensics investigation to identify the root cause, restoring files to recover operations, and conducting security awareness training to prevent ransomware from happening again are all part of the problem-solving process.