GradePack

Author Archives: Anonymous

Select from the option list provided the incident response r…

Select from the option list provided the incident response role, if any, for each organizational responsibility described below. Each choice may be used once, more than once, or not at all.

Responsibility | Incident Response Role
  • Takes appropriate actions to disconnect an affected system.
  • Individual(s) tasked with limiting the damage of an incident and restoring normal services.
  • Individual(s) tasked with adjusting firewall settings to aid in responding to an incident.
  • Takes physical custody of compromised workstations.
  • Administering disciplinary hearings if an employee is suspected of causing an incident.
  • Ensures that the incident response team has the necessary personnel, resources, and skill.
  • Analyze the data and determine the impact of the incident.
  • Detain incident perpetrators and question their motives.

Jensen believes she is the most important lawyer in her law…

Jensen believes she is the most important lawyer in her law office. She has an extremely strong sense of entitlement and expects that her coworkers and employees praise and give her respect all the time. When her office assistant has a death in the family, Jensen is angry that her assistant missed work and fell behind in filing her reports since it causes Jensen to have to pick up some of the slack. Jensen is most likely to have which personality disorder? 

Which NFL team plays its home games at Lambeau Field?

Which NFL team plays its home games at Lambeau Field?

Senior management of ABC Company has identified you as the i…

Senior management of ABC Company has identified you as the individual to implement the company’s incident response protocol. ABC senior management is considering the adoption of NIST SP 800-61 as the basis for its incident response life cycle approach. You have been tasked with providing a report to management that includes detailed process steps for each phase of the incident response life cycle. Using NIST SP 800-61, your employee has drafted key aspects of each phase of the life cycle for you to review before sharing the report with senior management. Excerpts from the draft are provided below.

Select from the option list provided the appropriate word or phrase to complete each statement below. Each choice may be used once, more than once, or not at all.

Excerpt | Word or Phrase
  • The preparation phase of the incident response life cycle includes _____.
  • The acquisition of the tools, resources, and software for the team is considered part of the _____ phase.
  • The _____ phase includes determination of the incident’s scope, origination of the incident, and the method used to cause the incident.
  • Evidence gathering and identification of attacking hosts occurs during the _____ phase.
  • According to NIST, holding a “lessons learned” meeting should be part of the _____ phase.

Select from the option list provided the applicable incident…

Select from the option list provided the applicable incident response life cycle phase, if any, for each description indicated below. Each choice may be used once, more than once, or not at all.

Description | Phase
  • Evidence gathering and handling.
  • Prevention of incidents before they occur.
  • Identify and mitigate exploited vulnerabilities.
  • Identification of incidents.
  • Create a follow-up report.
  • Identify attacking hosts.
  • Notification of stakeholders per organizational reporting requirements.
  • Acquisition of the tools, resources, and software required.
  • Hold a meeting to discuss lessons learned.
  • Prioritization of incidents by their significance.

Indicate which statements about materiality in a SOC 1 engag…

Indicate which statements about materiality in a SOC 1 engagement are true by selecting the appropriate circle.

1. A. The service auditor’s determination of materiality is a matter of professional judgment.
   B. The client typically participates in the determination of materiality.

2. A. Materiality should consider the perception of the overall information needs of the user auditor of the service organization.
   B. The concept of materiality relates to the dollar values in financial statements of user entities.

3. A. Evaluating materiality related to controls primarily includes the consideration of quantitative factors.
   B. Materiality should be based on the needs of the most conservative user; in that way all users are protected.

4. A. The auditor should consider collectively uncorrected misstatements identified during the engagement when evaluating whether they are material.
   B. Material misstatements result in modified SOC 1 opinions.

Which NFL team has won the most Super Bowl titles (tied for…

Which NFL team has won the most Super Bowl titles (tied for the most as of recent years)?

A senior auditor is leading an engagement to evaluate manage…

A senior auditor is leading an engagement to evaluate management’s efforts to apply the COSO Internal Control – Integrated Framework to its risk mitigation efforts for security. More specifically, the senior auditor has been tasked with conducting a cyber risk assessment. The purpose of the cyber risk assessment is to evaluate management’s efforts to document its cyber risks, controls, and its alignment of business objectives with IT. Within the senior auditor’s draft report for management, the senior auditor makes a number of statements. Using the senior auditor’s draft included below, review each statement to ensure that it aligns with the objectives and purpose of the engagement.

#1 COSO Risk Assessment Statement
The risk assessment the cyber risk management efforts.

#2 Alignment of Technology and the Business
An organization’s cyber risk assessment

#3 Incorporation into the Entity-Wide Risk Assessment
An organization’s cyber risk assessment

#4 Continuous Improvement
Management should

#5 Application of the COSO Framework
Because COSO is a framework,

An IT manager is preparing a memo to management describing t…

An IT manager is preparing a memo to management describing the nature of incident response planning and the classification of incidents. Excerpts from the memo are provided below. Select from the option list provided the appropriate word or phrase to complete each statement below. Each choice may be used once, more than once, or not at all.

Excerpt | Word or Phrase

Purpose of Incident Response
The goal of incident response management is to _____ attacks and to _____ and cost.

Incident Response Planning
Incident response planning often includes, but is not limited to, items such as _____, required activities, _____, _____, and measures to monitor the effectiveness of the organization’s capabilities.

Incident Response Steps
More generally, incident response entails the steps used to prepare for, _____ a data breach.

Classification
Whereas a security _____ may result in damage, in a(n) _____, protected data are confirmed to have been accessed by an illicit third party.

Smith Company is implementing its cyber risk activities into…

Smith Company is implementing its cyber risk activities into its existing enterprise risk management (ERM) efforts. Smith uses the COSO ERM framework to provide a basis for coordinating and integrating all of its risk management activities. Using the option list below, identify the relevant component of the COSO ERM framework that applies to each description. Each choice may be used once, more than once, or not at all.

Description | ERM Component
  • Cyber risk management is integrated into planning.
  • The organization prioritizes risks according to their severity and the organization’s cyber risk appetite.
  • Cyber risk management capabilities and performance are examined to assess their value proposition.
  • Cyber risks that may affect the achievement of strategy and business objectives are identified and assessed.
  • Relevant information from external sources is used to support cyber risk management.
  • The entity’s tone is set.
  • Relevant information from internal sources is used to support cyber risk management.
  • Cyber risk management capabilities and performance are examined to drive value through change.
  • The importance of cyber vigilance is reinforced, and oversight responsibilities are established.
