Which of the following describes how a CSIRT lead determines who should be communicated with and when during a security incident?

Which of the following describes how a CSIRT lead determines who should be communicated with and when during a security incident?
A . The lead should review what is documented in the incident response policy or plan
B . Management level members of the CSIRT should make that decision
C . The lead has the authority to decide who to communicate with at any t me
D . Subject matter experts on the team should communicate with others within the specified area of expertise

View Answer

Answer: A

Explanation:

The incident response policy or plan is a document that defines the roles and responsibilities, procedures and processes, communication and escalation protocols, and reporting and documentation requirements for handling security incidents. The lead should review what is documented in the incident response policy or plan to determine who should be communicated with and when during a security incident, as well as what information should be shared and how. The incident response policy or plan should also be aligned with the organizational policies and legal obligations regarding incident notification and disclosure.