Assume you are an information security professional for a corporation. You have been asked to review responses and recovery from real security incidents. In addition, senior management wants a summary of the types of tests you have run on the organization's computer incident response team (CIRT) plan, the results, and lessons learned. Why would senior management want to know how a CIRT plan has been tested and the results?

Assume you are an information security professional for a corporation. You have been asked to review responses and recovery from real security incidents. In addition, senior management wants a summary of the types of tests you have run on the organization's computer incident response team (CIRT) plan, the results, and lessons learned. Why would senior management want to know how a CIRT plan has been tested and the results?

Management Of Information Security

6th Edition

ISBN:9781337405713

Author:WHITMAN, Michael.

Publisher:WHITMAN, Michael.

Chapter11: Security Maintenance

Section: Chapter Questions

Problem 1E

See similar textbooks

Similar questions

The definition of an incident varies from organization to organization. From your perspective and individual research, what is the definition of an incident and what needs to have occured in order for a security event to be declared an incident. What is the roles and responsibilities of the Incident Responder?
What are the recommended response timeframes for different levels of security incidents, and can you provide an illustrative example for each level?
List and explain at least one reason that you feel planning is integral to organizational readiness concerning incident response and network forensics.
Describe in your own words how response teams determine the severity of an incident in reference to the core security incident response team (CSIRT).
In the event of a security incident, who makes the determination that a breach has/has not occurred and "breaks the glass" to execute the response plan? Choose the BEST answer. a) Chief Information Security Officer b) Chairman of the Board c) Senior-level executive d) Representatives from IT/security, legal and senior leadership
To learn more about your institution's security rules, look them up on the intranet or website. Is there a corporate security policy somewhere? Where have you come across security rules that are tailored to address a particular problem? What agency or department is in charge of issuing or coordinating all of these policies, or are they dispersed across the organization? Use the framework provided in this chapter to determine whether or not the policies you found in the preceding exercise are complete. What are the omissions in these areas?
Give some background on the term "cybersecurity" and why it's important to use it.
How does the security incident plan fits into the overall organization?
As a software developer, what part do you play in the process of discovering and correcting security vulnerabilities?According to what I understand, it does not cover everything.
Within incident preparation, the first step is to create a policy for incident response and to get the top management's agreement/approval on the policy. An incident response policy describes the standard methods used by the organization for handling information security incidents. Explain two main benefits of having such a policy prepared and approved.
What is a Containment Strategy for an Incident? Give one example and talk about it.
What are some common cybersecurity risk responses and change management, version control, and incident response processes that you might consider incorporating if you created a cybersecurity plan? Identify and discuss them. Are cybersecurity risk management processes similar from system to system? Where can you locate the best practices for preventing or mitigating cybersecurity risk management threats?