In which of the following phases of the incident handling and response (IH&R) process are the identified security incidents analyzed, validated, categorized, and prioritized?
Correct Answer: A
Incident triage is the phase in the Incident Handling and Response (IH&R) process where identified security incidents are analyzed, validated, categorized, and prioritized. This step is crucial for determining the severity of incidents and deciding on the order in which they should be addressed. During triage, incident handlers assess the impact, urgency, and potential harm of an incident to prioritize their response efforts effectively.
This ensures that resources are allocated efficiently, and the most critical incidents are handled first. Incident recording and assignment involve logging incidents and assigning them to handlers, containment focuses on limiting the extent of damage, and notification involves informing stakeholders about the incident.
References:
The Incident Handler (CREST CPTIA) courses and study guides detail the IH&R process, emphasizing the importance of triage in managing and responding to security incidents effectively.