Which element is included in an incident response plan?
A. organization mission
B. junior analyst approval
C. day-to-day firefighting
D. siloed approach to communications
NIST 800-61 r2
2.3.2 Plan Elements
Organizations should have a formal, focused, and coordinated approach to responding to incidents, including an incident response plan that provides the roadmap for implementing the incident response capability. Each organization needs a plan that meets its unique requirements, which relates to the organization’s mission, size, structure, and functions. The plan should lay out the necessary resources and management support. The incident response plan should include the following elements:
– Mission
– Strategies and goals
– Senior management approval
– Organizational approach to incident response
– How the incident response team will communicate with the rest of the organization and with other organizations
– Metrics for measuring the incident response capability and its effectiveness
– Roadmap for maturing the incident response capability
– How the program fits into the overall organization.
Correct Answer == A
A is correct
Organization Mission is correct.
2.3.2 Plan Elements
The incident response plan should include the following elements:
– Mission
– Strategies and goals
– Senior management approval
– Organizational approach to incident response
– How the incident response team will communicate with the rest of the organization and with other organizations
– Metrics for measuring the incident response capability and its effectiveness
– Roadmap for maturing the incident response capability
– How the program fits into the overall organization.
Reference: NIST 800-61r2 Computer Security Incident Handling Guide, page 17.
There are four basic questions that each organization must answer when determining their incident response plan:
– What are the assets that are being protected?
– What are the threats to the assets?
– How are threats detected?
– How will the organization respond to threats?
So, it's “D”
No buddy, it's A
It's A, man... Siloed communications... just Google that term