Which stakeholder group is responsible for containment, eradication, and recovery in incident handling?
A. facilitators
B. practitioners
C. leaders and managers
D. decision makers
Which stakeholder group is responsible for containment, eradication, and recovery in incident handling?
It cant be A and D.
Cant be B either as Practitioners are supposed to be responsible for the design and build a comprehensive technology focused cybersecurity program and business-focused cyber-risk management program that will minimize risks, and at the same time, protect critical assets.
So I think the correct answer is C, leaders, and managers.
ES-C2M2 (for Electricity Subsector):
Decision makers (executives) who control the allocation of resources and the management of risk in organizations; these are typically senior leaders.
Leaders with responsibility for managing organizational resources and operations associated with the domains of this model.
ES-C2M2 model refers to 10 domains:
Risk Management
Asset, Change and Configuration Management
Identity and Access Management
Threat and Vulnerability Management
Situational Awareness
Information Sharing and Communications
Event and Incident Response, Continuity of Operations
Supply Chain and External Dependencies Management
Workforce Management
Cybersecurity Program Management
Practitioners with responsibility for supporting the organization in the use of this model (planning and managing changes in the organization based on this model).
Facilitators with responsibility for leading a self-evaluation of the organization based on this model, and the associated toolkit, and analyzing the self-evaluation results.
Answer = C
i think it is C .
Managers are ultimately responsible for ensuring that incident response activities are performed properly.
check : NIST.SP800-61 r2
Thanx boss
the answer is C leaders and managers
@sk please explain further,
@Hassan were are you and whats your take?
Vague on e this and lots of comments on other forums, but a particularly good response from
https://learningnetwork.cisco.com/thread/122565
Why A?