The incident response team was notified of detected malware.
The team identified the infected hosts, removed the malware, restored the functionality and data of infected systems, and planned a company meeting to improve the incident handling capability.
Which step was missed according to the NIST incident handling guide?
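A. Contain the malware
B. Install IPS software
C. Determine the escalation path
D. Perform vulnerability assessment
D.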
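According to the NIST incident handling guide, the correct sequence of steps in an incident response plan is as follows:
1. Preparation
2. Detection and Analysis
3. Containment, Eradication, and Recovery
4. Post-Incident Activities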
Based on the information provided in the question, the incident response team has already completed steps 1-3. They have identified the infected hosts, removed the malware, restored the functionality and data of infected systems, and planned a company meeting to improve the incident handling capability.
Therefore, the step that was missed in the NIST incident handling guide is step 4, Post-Incident Activities. This step includes activities such as conducting a lessons learned session to identify areas of improvement, updating incident response procedures and policies, and performing a follow-up assessment to ensure that the incident has been fully resolved.
None of the options listed in the question are specifically related to post-incident activities, but the closest option would be option C, determine the escalation path. While determining the escalation path is an important step in incident response, it is typically included in the preparation phase rather than the post-incident activities phase.
Option A, contain the malware, is part of step 3, Containment, Eradication, and Recovery. Option B, install IPS software, is not a specific step in the NIST incident handling guide, but it could be considered part of the preparation phase. Option D, perform vulnerability assessment, is also not a specific step in the NIST incident handling guide, but it could be considered part of the detection and analysis phase.