CISM Exam - Question 264


An organization's operations have been significantly impacted by a cyberattack resulting in data loss. Once the attack has been contained, what should the security team do NEXT?

Correct Answer: B

Once a cyberattack has been contained, the next step for the security team is to perform a root cause analysis. This analysis is crucial to understand how the attack occurred in the first place, identify any vulnerabilities that allowed the attack, and prevent similar incidents from happening in the future. Without understanding the root cause, subsequent steps such as implementing compensating controls or updating incident response plans would not be effectively targeted to address the actual weaknesses exploited by the attack.

Discussion

Ej24356 (Option: D)
Oct 19, 2023

Why not D? Isn't root cause analysis done in conjunction with lessons learned?

richck102 (Option: B)
Jun 5, 2023

B. Perform a root cause analysis.

oluchecpoint (Option: B)
Sep 5, 2023

B. Perform a root cause analysis: It's crucial to understand how the cyberattack occurred in the first place. A root cause analysis helps identify the vulnerabilities or weaknesses in the organization's security posture that allowed the attack to happen. This analysis informs future security improvements and helps prevent similar incidents in the future.

Uncle_Lucifer (Option: D)
Dec 8, 2023

After an incident should be lessons learned. You would have performed root cause analysis to know how to solve and mitigate the issue. Answer is D.

Uncle_Lucifer
Dec 12, 2023

I was wrong. Answer is B. Containment is when you isolate a system to stop it from affecting or connecting to the network. In this stage, the incident hasn't been mitigated, therefore lessons learned is not valid. You need root cause analysis to determine what the issue is, then fix/mitigate it. Answer is B. Sorry for selecting C. Admin, please delete my selection.

Uncle_Lucifer (Option: B)
Dec 12, 2023

I was wrong. Answer is B. Containment is when you isolate a system to stop it from affecting or connecting to the network. In this stage, the incident hasn't been mitigated, therefore lessons learned is not valid. You need root cause analysis to determine what the issue is, then fix/mitigate it. Answer is B. Sorry for selecting C. Admin, please delete my selection.

Uncle_Lucifer
Dec 12, 2023

Oops, I selected D, not C.

Uncle_Lucifer (Option: B)
Dec 12, 2023

Actually, the answer could be C. Your next step should be to eradicate. Root cause analysis is performed post-incident fix, same as lessons learned. In the exam I will select C.

e891cd1
Apr 8, 2024

The root cause analysis is done as part of the eradication process because you need to know the root cause to understand how it can be eradicated.

POWNED (Option: B)
Dec 20, 2023

You need to find the root cause before lessons learned. Answer is B.

oluchecpoint (Option: B)
Jan 28, 2024

B. Perform a root cause analysis: It's crucial to understand how the cyberattack occurred in the first place. A root cause analysis helps identify the vulnerabilities or weaknesses in the organization's security posture that allowed the attack to happen. This analysis informs future security improvements and helps prevent similar incidents in the future.

bcffcfb (Option: B)
Jul 10, 2024

B. While implementing compensating controls (option C) is important, it typically comes after understanding the root cause of the incident. How can we implement a control unless we find out the root cause, vulnerabilities, etc.?