Clarification on Quiz question Domain 2: Incident management
I have completed Domain 2: Incident Response, BCP, DR and I was wondering about this question:
If the Incident response team is responsible for assessing the damage, then who is responsible for reducing the impact of incidents?
Thank you very much
Labels: Exam preparation
With a continuity incident you could only really reduce the impact through having prepared for a business interruption. So if you had east/west power from 2 different substations, 3 backup generator sets, arrangements to refuel them if necessary, dual data ingress to a facility, etc., those are only things that you can do in advance, rather than as a response.
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Actually, in other advanced ISC2 exams, it's often the case that every multi-choice question has 2 or more correct answers. You have to choose the most suitable one.
If you think the question/answer are incorrect, you should let Exam Administration know.
In this case, I believe the answer provided "Assessing and Scoping" is correct.
For my part, I believe this is a terrible question, with two of the answers being throwaways such that the candidate has a 50/50 chance of getting it right or wrong.
For reference, if you look at NIST (great references), you will find:
The NIST incident response lifecycle breaks incident response down into four main phases: Preparation; Detection and Analysis; Containment, Eradication, and Recovery; and Post-Event Activity.
Phase 1: Preparation
The Preparation phase covers the work an organization does to get ready for incident response, including establishing the right tools and resources and training the team. This phase includes work done to prevent incidents from happening.
Phase 2: Detection and Analysis
Accurately detecting and assessing incidents is often the most difficult part of incident response for many organizations, according to NIST.
Phase 3: Containment, Eradication, and Recovery
This phase focuses on keeping the incident impact as small as possible and mitigating service disruptions.
Phase 4: Post-Event Activity
Learning and improving after an incident is one of the most important parts of incident response and the most often ignored. In this phase the incident and incident response efforts are analyzed. The goals here are to limit the chances of the incident happening again and to identify ways of improving future incident response activity.
I guess the question is asking for the incident team's main responsibility, and assess/scoping is more of a key responsibility for them than reducing the impact? Why is that - is it because it's the most difficult part of incident response, or is it because containment is not done solely by the incident response team but also by the business?
Incident Management and Incident Response are roles that are included in various frameworks such as ITIL, NIST and so on. You can see more in ISO/IEC 27035. I would point out that for the CISSP exam it is important to understand these roles and objectives. Here you can see that Incident Response is responsible for assessment and decision, which would lead to scoping the work.
Incident Response main responsibilities:
Planning and Preparation,
Detection and Reporting,
Assessment and Decision,
Response, and
Lessons Learned.
Incident Management encompasses roles and functions for incident management, one of which is incident response. The focus of Incident Management is to assess the effectiveness of the Incident Response team and make adjustments to the Incident Response plans to become more effective for the organisation, thus reducing the impact of incidents to the business, not Incident Response.