CISA Certified Information Systems Auditor – Question1554

Which of the following is the MOST important action in recovering from a cyberattack?

A.
Creation of an incident response team
B. Use of cyber forensic investigators
C. Execution of a business continuity plan
D. Filling an insurance claim

Correct Answer: C

Explanation:

Explanation: The most important key step in recovering from cyberattacks is the execution of a business continuity plan to quickly and cost-effectively recover critical systems, processes and data. The incident response team should exist prior to a cyberattack.
When a cyberattack is suspected, cyber forensic investigators should be used to set up alarms, catch intruders within the network, and track and trace them over the Internet. After taking the above steps, an organization may have a residual risk that needs to be insured and claimed for traditional and electronic exposures.