Last Updated on August 1, 2021 by Admin 2
Which of the following is NOT an element of the NIST.SP800-61 r2 incident response plan?
- organizational mission
- organizational approach
- siloed approach to communication
- strategies and goals
Rather than a siloed approach, the incident response approach should encourage and specify communication between the team and the organization and other organizations. In a siloed approach, the team has little communication with the organization and other organizations during the response.
NIST SP 800-61 v2 is the Computer Security Incident Handling Guide. According to this publication, the four major phases of the incident response lifecycle are:
1. Preparation
2. Detection and analysis
3. Containment, eradication, and recovery
4. Post incident analysis
The NIST’s incident response plan elements are:
– Incident response plan’s mission
– Strategies and goals of the incident response plan
– Senior management approval of the incident response plan
– Organizational approach to incident response
– How the incident response team will communicate with the rest of the organization and with other organizations
– Metrics for measuring the incident response capability and its effectiveness
– Roadmap for maturing the incident response capability
– How the program fits into the overall organization