When an organization lacks internal expertise to conduct highly technical forensics investigations, what is the BEST way to ensure effective and timely investigations following an information security incident?
When an organization lacks internal expertise to conduct highly technical forensics investigations, what is the BEST way to ensure effective and timely investigations following an information security incident?
When an organization lacks internal expertise to conduct highly technical forensics investigations, the best way to ensure effective and timely investigations following an information security incident is to retain a forensics firm prior to experiencing an incident. This proactive approach ensures that expert assistance is readily available when needed, reducing response time and improving the effectiveness of the investigation. Other options, such as purchasing standard operating procedures or providing training, do not guarantee that the organization will have the required expertise and readiness at the critical moment.
B. Retain a forensics firm prior to experiencing an incident.
Whilst I agree it's B. That's a very expensive thing to do that may never be needed and a lot of organizations wouldn't approve the spend. C is the more likely option
It's B. Doing C is also valid, but it's too late.