I have completed Domain 2: Incident Response, BCP, DR and I was wondering about this question:
If the Incident response team is responsible for assessing the damage, then who is responsible for reducing the impact of incidents?
Thank you very much
With a continuity incident you could only really reduce the impact through having prepared for a business interruption. So if you had east/west power from 2 different substations, 3 backup generator sets, arrangements to refuel them if necessary, dual data ingress to a facility etc., those are only things that you can do in advance, rather than as a response.
Actually, in other advanced ISC2 exams, it is often the case that every multiple-choice question has 2 or more correct answers. You have to choose the most suitable one.
If you think the question/answer are incorrect, you should let Exam Administration know.
In this case, I believe the answer provided "Assessing and Scoping" is correct.
For my part, I believe this is a terrible question, with two of the answers being throwaways such that the candidate has a 50/50 chance of getting it right or wrong.
For reference, if you look at NIST (great references), you will find:
NIST incident response lifecycle breaks incident response down into four main phases: Preparation; Detection and Analysis; Containment, Eradication, and Recovery; and Post-Event Activity.
The Preparation phase covers the work an organization does to get ready for incident response, including establishing the right tools and resources and training the team. This phase includes work done to prevent incidents from happening.
Accurately detecting and assessing incidents is often the most difficult part of incident response for many organizations, according to NIST.
This phase focuses on keeping the incident impact as small as possible and mitigating service disruptions.
Learning and improving after an incident is one of the most important parts of incident response and the most often ignored. In this phase the incident and incident response efforts are analyzed. The goals here are to limit the chances of the incident happening again and to identify ways of improving future incident response activity.
Incident Management and Incident Response are roles that are included in various frameworks such as ITIL, NIST and so on. You can see more in ISO/IEC 27035. I would point out that for the CISSP exam it is important to understand these roles and objectives. Here you can see that Incident Response is responsible for assessment and decision, which would lead to scoping the work.
Incident Response main responsibilities:
Planning and Preparation,
Detection and Reporting,
Assessment and Decision,
Response, and
Lessons Learned.
Incident Management encompasses roles and functions for incident management, one of which is incident response. The focus of Incident Management is to assess the effectiveness of the Incident Response team and make adjustments to the Incident Response plans to become more effective for the organisation, thus reducing the impact of incidents to the business, not Incident Response.