A security team is discussing lessons learned and suggesting process changes after a security breach incident.
During the incident, members of the security team failed to report the abnormal system activity due to a high project workload.
Additionally, when the incident was identified, the response took six hours due to management being unavailable to provide the approvals needed.
Which two steps will prevent these issues from occurring in the future? (Choose two.)
The security breach incident discussed in the scenario highlights two major issues. Firstly, the team members failed to report abnormal system activity due to high project workload. Secondly, the incident response took six hours due to the unavailability of management to provide the necessary approvals. To prevent these issues from happening in the future, the following steps can be taken:
A. Introduce a priority rating for incident response workloads: Assigning a priority rating to incident response workloads will help the team members to prioritize their work. This rating will help them understand which tasks require immediate attention and which tasks can be postponed until the workload permits. By having a clear prioritization system in place, the team members will be able to report any abnormal activity immediately, without having to worry about their workload.
C. Conduct a risk audit of the incident response workflow: Conducting a risk audit of the incident response workflow will help the team identify any potential gaps or vulnerabilities in the process. The audit will help the team members understand what processes are in place, what works, what doesn't, and what needs to be improved. A risk audit will also help identify any potential bottlenecks in the process that may cause delays in incident response.
D. Create an executive team delegation plan: Creating an executive team delegation plan will help ensure that there is always someone available to provide the necessary approvals during an incident. This plan will outline the roles and responsibilities of each member of the executive team during an incident and will ensure that there is always someone available to provide the necessary approvals.
E. Automate security alert timeframes with escalation triggers: Automating security alert timeframes with escalation triggers will help ensure that the team members are notified immediately when there is abnormal activity. The automation will trigger an alert when certain criteria are met, and this will ensure that the team members can respond promptly. By automating the process, the team members will not have to rely on their workload or availability of management to identify and respond to incidents.
B. Provide phishing awareness training for the fill security team: Although phishing awareness training is essential to prevent phishing attacks, it is not directly related to the issues mentioned in the scenario. Therefore, it is not a relevant step to prevent the issues discussed in the scenario.
In summary, to prevent the issues discussed in the scenario, the security team should introduce a priority rating for incident response workloads, conduct a risk audit of the incident response workflow, create an executive team delegation plan, and automate security alert timeframes with escalation triggers.