Which of the following is the MOST important reason to document information security incidents that are reported across the organization?
Which of the following is the MOST important reason to document information security incidents that are reported across the organization?
The most important reason to document information security incidents that are reported across the organization is to identify unmitigated risk. By analyzing the documented incidents, organizations can pinpoint where their security measures are inadequate or failing, allowing them to take targeted actions to address these vulnerabilities. This approach ultimately strengthens the organization's overall security posture and helps in taking proactive measures to prevent future incidents. While preventing recurrence is a goal, it stems from first understanding and identifying the risks that went unaddressed.
C. Identify unmitigated risk. Documenting information security incidents across the organization is crucial for identifying unmitigated risks. This documentation helps in understanding the nature and scope of security incidents, which, in turn, allows organizations to identify areas where their security measures may be insufficient or ineffective. By identifying unmitigated risks, organizations can take proactive steps to improve their security posture, prevent future incidents, and enhance overall security.
The primary goal after any incident is to learn from it and take actions to ensure that similar incidents do not happen again
D is in C so i go with C
B. Evaluate the security posture of the organization.
D. Prevent incident recurrence.
C. Identify unmitigated risk. Identifying unmitigated risk is the MOST important reason to document information security incidents. It allows the organization to gain insights into vulnerabilities and weaknesses that may lead to incidents and helps in implementing necessary controls to mitigate those risks. While preventing incident recurrence (Option D) is a valid goal, it is secondary to the primary purpose of identifying and addressing unmitigated risk through incident documentation.
How the hell can you prevent incidence recourrance? Thats impossible. You can get DDOS'd more than once. Social engineering attach can occur more than once. Come on fellows/mates --> C
Awareness Training, Education, Standard enforcement, job descriptions, rules, and etc. How can you prevent yourself from getting the Covid-19 for the second time?
It's a matter of mitigating risks rather than preventing their recurrence. during the incident response In a Root Cause Analysis (RCA) focused on a malware incident, discovering and addressing the entry point is a form of mitigation. However, it's important to recognize that this mitigation doesn't ensure absolute prevention of future incidents, as new entry points may be exploited over time. Cybersecurity often involves a layered approach, combining preventive measures, detection strategies, and ongoing mitigation efforts to manage evolving risks in the dynamic threat landscape. C is correct!
Similarly to lesson learned, purpose is to prevent future recurrence. If doctor failed to save life, you cannot say his purpose is not saving life. Same applies to lesson learned.
D. Prevent the re-occurrence. Which of the following is the MOST important reason to document information security incidents that are reported across the organization? Question is that what is/are the reason (s) of identify unmitigated risk --> for further protections? for better prevention?, for better corrections? Are the above future protections/prevention/corrections considered prevent the recurrence?
same to lessons learned, the ultra purpose is to prevent the incident from happening again.