Which of the following is the best way to achieve this goal?

A company’s legal department is concerned that its incident response plan does not cover the countless ways security incidents can occur. The department has asked a security analyst to help tailor the response plan to provide broad coverage for many situations.

Which of the following is the best way to achieve this goal?
A . Focus on incidents that have a high chance of reputation harm.
B. Focus on common attack vectors first.
C. Focus on incidents that affect critical systems.
D. Focus on incidents that may require law enforcement support.

View Answer

Answer: C

Explanation:

An incident response plan should cover the most important and likely scenarios that could compromise the security and operations of an organization. According to various sources of best practices123, an incident response plan should start by conducting a risk assessment to identify potential threats and vulnerabilities, and prioritize the critical systems that need to be protected and restored in case of an incident. Focusing on incidents that affect critical systems ensures that the incident response plan covers the most severe and impactful situations that could harm the organization’s mission, reputation, or legal obligations.