When responding to an incident after the triage phase, which of the following should be conducted first? (Wentz QOTD)
A. Identify the root cause and work out a solution
B. Implement a workaround to restore the service level
C. Conduct a retrospective to improve continuously
D. Prioritize the incident based on importance and urgency
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is B. Implement a workaround to restore the service level.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.
Responding to an incident after the triage phase implies that the incident has been analyzed and validated, and that the incident response team is starting to contain and eradicate it. Implementing a workaround to restore the service level is a containment measure. Identifying the root cause and working out a solution typically comes after containment.
NIST SP 800-61 R2
When responding to an incident after the triage phase, which of the following should be performed first? (Wentz QOTD)