Which of the following terms may be defined as "a measure of possible inability to achieve a
goal, objective, or target within a defined security, cost plan and technical limitations that
adversely affects the organization's operation and revenues?
D. Incident Response
A distributed Denial of Service (DDoS) attack is a more common type of DoS Attack, where a
single system is targeted by a large number of infected machines over the Internet. In a DDoS
attack, attackers first infect multiple systems which are known as:
The goal of incident response is to handle the incident in a way that minimizes damage and
reduces recovery time and cost. Which of the following does NOT constitute a goal of incident
A. Dealing with human resources department and various employee conflict behaviors.
B. Using information gathered during incident handling to prepare for handling future incidents in
a better way and to provide stronger protection for systems and data.
C. Helping personal to recover quickly and efficiently from security incidents, minimizing loss or
theft and disruption of services.
D. Dealing properly with legal issues that may arise during incidents.
An organization faced an information security incident where a disgruntled employee passed
sensitive access control information to a competitor. The organization's incident response
manager, upon investigation, found that the incident must be handled within a few hours on the
same day to maintain business continuity and market competitiveness. How would you
categorize such information security incident?