Which of the following is the MOST important consideration when designing a risk-based incident response management program?
This is B. We are trying to minimize false positives and false negatives to find the real risk and focus on it.
What does that have to do with "designing a risk-based incident response management program"?
B. Minimizing false-positive and false-negative alerts. In a risk-based incident response management program, minimizing false positives and false negatives is crucial. False positives can lead to wasted resources on non-critical events, while false negatives can result in missing actual threats, increasing risk to the organization. Effective incident response relies on accurate detection, so reducing these errors is essential to ensure that the program can promptly identify and respond to legitimate incidents. While monitoring low-risk events, testing the plan, and assigning roles are important, they are secondary to ensuring accurate alerting for risk-based prioritization.
I can see this angle also. This would make sense. Agreed with bleh and Enig. The overall efficiency of the plan is founded on legit alerts.
B. Voting against the examtopics mods.