During which of the following incident-handling processes would the assistance of NIST Special Publication 800-61 be invaluable?

A. Application
B. Analysis
C. All of these processes
D. Collection


Answer:

First, let’s understand what NIST Special Publication 800-61 is:

  • NIST SP 800-61 is the “Computer Security Incident Handling Guide” published by the National Institute of Standards and Technology.
  • It provides guidelines for incident handling, particularly for analyzing incident-related data and determining the appropriate response to each incident.

Step-by-step evaluation of the given options:

a) Application

  • This could refer to applying or implementing measures, but it’s vague and not specifically named among the incident-handling stages.

b) Analysis

  • This phase includes examining data to understand the incident, a core focus of NIST SP 800-61.

c) All of these processes

  • This option suggests that the guide is useful in all aspects of incident handling.

d) Collection

  • While incident handlers may collect evidence or logs during analysis, “Collection” is not a major phase on its own in NIST’s incident-handling model. It could be part of analysis.

Final Answer:

Based on the above analysis, the correct answer is:

C. All of these processes

The NIST 800-61 guidelines apply to all phases of incident handling, from preparation to recovery, including analysis and evidence collection. Each of these processes is critical for managing incidents effectively and improving organizational security responses.
