3. In the incident management steps identified by (ISC)2, which of the following occurs first?
A. Response
B. Mitigation
C. Remediation
D. Lessons learned
Seems the ISC 2 9th edition questions have a typo: in the above question the answer has been given as D, but the explanation says Detection, which was not given in the options.
D. The first step is detection. The seven steps (in order) are detection, response, mitigation, reporting, recovery, remediation, and lessons learned.
@CBMExamTeam Can you folks have someone contact @Mahender to resolve their issues?
We on the forum do not necessarily have access to ISC 2 9th edition questions nor do we have the ability to make corrections.
@mahender Your concerns should be directed to Exam Administration.
I agree D is not the correct answer as the question is posted.
d
Huh?
NIST has already identified the steps for incident management (see NIST SP800-61R3), which is followed by SANS in their training.
There are *6* steps, not 7.
They are:
Preparation
Identification
Containment
Eradication
Recovery
Lessons Learned
Detection is most certainly NOT the first step.
I hope ISC2 is following this industry accepted process in their training and testing.
Thank you for reaching out via the ISC2 Community board.
Please see the lengthy reply with contact information for Wiley & Sons.
Also, I would be remiss if I didn't point out that these questions arise from The ISC2 CISSP Certified Information Systems Security Professional Official Study Guide (Sybex Study Guide) 9th ed. published in 2021.
The latest edition, published in 2024, is the 10th edition. The discrepancies you are finding may well have been addressed in this current version. That might be another question for Wiley & Sons.
Hi Team,
Thanks for addressing. How could I get the latest 10th edition?
Thanks/Mahender.
Available from the publisher: https://www.wiley.com/en-us/ISC2+CISSP+Certified+Information+Systems+Security+Professional+Official+...
@denbesten Here's the errata itself for that specific book. As @CBMExamTeam mentioned, you can email to submit something as an errata, but did @Mahender check the errata list to see if his question was previously addressed?
@CBMExamTeam wrote: Also, I would be remiss if I didn't point out that these questions arise from The ISC2 CISSP Certified Information Systems Security Professional Official Study Guide (Sybex Study Guide) 9th ed. published in 2021.
To that point, NIST has updated its framework since 2021. This is one (of a few reasons) why these kinds of questions aren't good fodder for the test. If you read the NIST documents in detail (and the same applies to other frameworks), at some point, you will see a statement like "You should choose the framework that suits your organization and test and update it as you find necessary." These things aren't meant to be immutable, but we test people like they are.
@JoePete wrote "To that point, NIST has updated its framework since 2021."
And WHICH framework would that be?
YES, they have updated the Cybersecurity Framework, the controls for the RMF, and are currently updating the Privacy Framework, BUT they still follow the same steps for their incident handling (SP800-61R2, updated in 2012): Preparation, Detection & Analysis, Containment, Eradication, Recovery, and Post-Incident.
So NO, in regards to incident handling, they haven't changed the steps.
And the first step is STILL Preparation.