Which action should be included in a plan element that is part of a computer security incident response capability (CSIRC)?
- Detail how incidents should be handled based on the mission and functions of an organization.
- Develop metrics for measuring the incident response capability and its effectiveness.
- Create an organizational structure and definition of roles, responsibilities, and levels of authority.
- Prioritize severity ratings of security incidents.
Explanation: NIST recommends creating policies, plans, and procedures for establishing and maintaining a CSIRC. A purpose of the plan element is to develop metrics for measuring the incident response capability and its effectiveness.
Exam with this question: CCNA Cyber Ops Chapter 13 Exam Answers
Exam with this question: CyberOps Associate (Version 1.0) - Module 28: Digital Forensics and Incident Analysis and Response Answers
Exam with this question: Cyber Threat Management - 6.6.2 Digital Forensics and Incident Analysis and Response Quiz
Exam with this question: Cyber Threat Management: My Knowledge Check Answers
Please login or Register to submit your answer