The BEST approach in managing a security incident involving a successful penetration should be to:
A . allow business processes to continue during the response.
B . allow the security team to assess the attack profile.
C . permit the incident to continue to trace the source.
D . examine the incident response process for deficiencies.
Answer: A
Explanation:
Since information security objectives should always be linked to the objectives of the business, it is imperative that business processes be allowed to continue whenever possible. Only when there is no alternative should these processes be interrupted. Although it is important to allow the security team to assess the characteristics of an attack, this is subordinate to the needs of the business. Permitting an incident to continue may expose the organization to additional damage. Evaluating the incident management process for deficiencies is valuable but it, too. is subordinate to allowing business processes to continue.