(ISC)2 Certified in Cybersecurity Practice Exam


Prepare for the (ISC)2 Certified in Cybersecurity Exam with comprehensive quizzes and extensive question banks. Enhance your skills with detailed explanations and practice tests designed to improve your expertise for the certification exam. Get exam-ready now!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



Which publication should be consulted when developing an incident response plan?

  1. ISO 27001

  2. NIST SP 800-53

  3. NIST SP 800-61

  4. ISO 31000

The correct answer is: NIST SP 800-61

Consulting NIST SP 800-61 when developing an incident response plan is particularly relevant because this publication specifically focuses on computer security incident handling. It provides guidelines on how organizations can respond to incidents effectively, which includes preparing for incidents, detecting and analyzing them, and ultimately responding to and recovering from them. This tailored guidance is essential for creating a robust incident response plan that aligns with best practices in cybersecurity.

The other options, while valuable in their own right, do not specifically address the incident response process in the same manner. ISO 27001 provides a framework for establishing, implementing, and managing an information security management system (ISMS), which is broader than the specific scope of incident response. NIST SP 800-53 offers a catalog of security and privacy controls for federal information systems and organizations, focusing more on organizational security practices rather than specific incident response strategies. ISO 31000 focuses on risk management principles and guidelines that can apply across any domain but do not pertain specifically to incident response plans. Thus, NIST SP 800-61 stands out as the most pertinent resource for this purpose.