Incident Response Communication and Reporting

Question 1

Which federal organization oversees the CISA Cybersecurity Incident & Vulnerability Response Playbook?
A. Department of Treasury
B. Department of Health and Human Services
C. Department of Transportation
D. Department of Homeland Security

Answer 1

D. Department of Homeland Security
The US Department of Homeland Security oversees the CISA Cybersecurity Incident & Vulnerability Response Playbook.

Question 2

An incident report includes an executive summary, an impact statement and which other section, among others?
A. Exploit credentials
B. NDA
C. Statement of Compliance
D. Incident timeline

Answer 2

D. Incident timeline
An incident report should also include an incident timeline.

Question 3

If an organization falls under the CISA notification requirements, what is the timeline requirement from the identification of the incident to the CISA initial report?
A. 24 hours
B. 1 hour
C. 12 hours
D. 2 hours

Answer 3

B. 1 hour
A report of the compromise of any aspect of the CIA triad on a federal information system requires a CISA report within 1 hour of incident identification.

Question 4

According to the Cost of a Data Breach Report 2022, what is the average number of days to discover and contain a data breach?
A. 97 days
B. 157 days
C. More than 500 days
D. 277 days

Answer 4

D. 277 days
The Cost of a Data Breach Report 2022 identifies 277 days as the average time it took to discover and contain a data breach.