Security Incident Response Overview

Questions and Answers

According to the COSO framework, which component involves selecting risk responses and monitoring performance?

Risk response

What is the purpose of the review and revision component in the COSO framework?

To assess the value proposition of cyber risk management capabilities and drive value as change occurs

Which component of the COSO framework is responsible for gathering information from internal and external sources to support cyber risk management?

Information and communication

What does COSO recommend regarding the integration of its ERM framework?

Integrating it with a formal cybersecurity framework, such as NIST

What is the purpose of preventive controls in the context of cyber risk mitigation?

To stop a cyber threat from occurring in the first place

Which of the following is NOT a characteristic of effective options (choices/distractors) in multiple-choice questions?

Options should use phrases directly from the text

According to the guidelines provided, which of the following should be avoided when constructing the stem (question) of a multiple-choice item?

Using phrases like 'according to the text' or 'in the content'

What is the recommended approach for representing common student misconceptions in multiple-choice questions?

Represent them as distractors, so they are plausible to students who do not know the correct answer

Which component of the COSO framework takes a holistic, portfolio-centric view of organizational and cyber risk?

Risk response

What is the purpose of detective controls in the context of cyber risk mitigation?

To detect security breaches in real-time as they occur