A security team needs to demonstrate how prepared the team is in the event of a cyberattack. Which of the following would best demonstrate a real-world incident without impacting operations?
A. Review lessons-learned documentation and create a playbook.
B. Gather all internal incident response party members and perform a simulation.
C. Deploy known malware and document the remediation process.
D. Schedule a system recovery to the DR site for a few applications.
A simulation (such as a tabletop exercise or full-scale IR drill) is the best way to demonstrate real-world readiness without affecting operations.
Option A (Reviewing lessons-learned and playbooks) is valuable but does not actively test readiness.
Option C (Deploying malware) is highly risky and unethical in a production environment.
Option D (Disaster recovery site testing) focuses on DR, not security incident readiness.
Thus, B is the best choice, as simulations effectively test incident response capabilities without operational disruption.