A fundamental objective in handling an incident is to restore control of the affected systems as soon as possible. An incident is an event or a situation that violates or threatens the security, confidentiality, integrity, or availability of an organization’s information assets or resources3. Handling an incident is the process of responding to, containing, analyzing, recovering from, and reporting on an incident, with the aim of minimizing the impact and preventing the recurrence of the incident. Restoring control of the affected systems is a crucial objective in handling an incident, as it can help to resume the normal operations, services, and functions of the organization, and to mitigate the damage or loss caused by the incident. Confiscating the suspect’s computers, prosecuting the attacker, and performing full backups of the system are not fundamental objectives in handling an incident, as they are more related to the investigation, legal, or recovery aspects of the incident, which may not be as urgent or essential as restoring control of the affected systems. References: 3: Official (ISC)2 CISSP CBK Reference, 5th Edition, Chapter 7, page 375. : CISSP All-in-One Exam Guide, Eighth Edition, Chapter 9, page 559.
Submit