
Which of the following is the least practical statement about incident reporting? (Wentz QOTD)
A. Reporting may be subject to privacy laws.
B. Reporting should be done once an incident is confirmed.
C. Reporting should be done as early as an incident is detected.
D. Reporting should consider the requirements of all stakeholders.
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. Reporting should be done as early as an incident is detected.
