
Ultimate access to all questions.
Explanation:
The action of 'Investigating any unusual activities on your network or by your staff' is not part of the 'respond' guideline of the NIST cybersecurity standards. Instead, this action falls under the 'detect' guideline. The 'detect' guideline focuses on the identification of potential cybersecurity events and the subsequent assessment of their impact. This includes monitoring and analyzing the organization's networks and systems to identify any unusual or suspicious activities that could indicate a cybersecurity threat. Therefore, investigating unusual activities is a proactive measure aimed at detecting potential threats before they can cause significant damage, rather than a reactive measure in response to a confirmed cybersecurity incident.
Choice A is incorrect. Notifying customers, employees, and others whose data may be at risk is indeed a part of the 'respond' guideline of the NIST cybersecurity standards. This action ensures that those potentially affected by a cyber attack are aware of the situation and can take necessary precautions to protect their information.
Choice B is incorrect. Keeping business operations up and running during a cyber attack is also included in the 'respond' guideline. The aim here is to minimize disruption to services while dealing with the incident.
Choice D is incorrect. Reporting an attack to law enforcement and other authorities falls under the 'respond' guideline as well. This step helps in investigating the incident further and possibly preventing similar attacks in future.
No comments yet.
Q.5114 Which of the following is not one of the actions under the respond guideline of the National Institute of Standards and Technology (NIST) on cybersecurity standards?
A
Notifying customers, employees, and others whose data may be at risk
B
Keeping business operations up and running
C
Investigating any unusual activities on your network or by your staff
D
Reporting the attack to law enforcement and other authorities