Which is the MOST important to enable a timely response to a security breach?
A. Knowledge sharing and collaboration
B. Security event logging
C. Roles and responsibilities
D. Forensic analysis
Correct Answer: B???? or C?????
______________________
Note
■ The official answer (could be incorrect because it does NOT come from ISACA!) is: "B. Security event logging".
■ Other experts claim that the correct answer is: "C. Roles and responsibilities".
■ This question, in my opinion, is unclear because:
• B. Security event logging = is the correct answer if the context requested by the question is at an operational level; SIEM, in this case, is very useful. In fact, thanks to SIEM, the response to the incident at the operational level will be more efficient.
• C. Roles and responsibilities = is the correct answer if the context to which the question refers is the incident response plan (IRP); it is evident that, with an IRP that clarifies "who does what" (roles and responsibilities), the response to the incident will be more efficient.
■ Your expert opinion (and explanation) is strongly requested.