(ISC)2 Certified in Cybersecurity Practice Exam

Who is typically responsible for monitoring and resolving security incidents?

• A. External auditors
• B. All employees
• C. IT help desk staff
• D. The information security team

The correct answer is: The information security team

The information security team is typically responsible for monitoring and resolving security incidents because their primary function is to protect an organization’s information assets by identifying potential threats and reacting appropriately. This team is made up of professionals who possess specialized knowledge and skills required to manage security measures, respond to incidents, and evaluate the effectiveness of the organization's security policies and controls. Their duties include setting up security monitoring systems, conducting regular security assessments, analyzing logs and alerts for suspicious activities, and coordinating responses to security breaches. They also train and inform other staff about best practices for security, ensuring that there is a comprehensive approach to incident management throughout the organization. While other roles, such as IT help desk staff, may assist in the initial identification and escalation of incidents, the specialized knowledge and strategic oversight provided by the information security team are crucial in managing incidents effectively. External auditors evaluate the organization's systems and practices but typically do not engage in ongoing incident management. Employees across the organization play a role in maintaining security awareness, but they are not specifically trained to monitor or resolve incidents. Thus, the information security team is the definitive authority in this area.