Why is incident documentation important in cybersecurity?
Think about how documentation supports learning and prevention.
Incident documentation provides a clear record of what happened and how it was handled. This helps teams learn from incidents and improve security.
Which of the following is NOT typically included in incident documentation?
Focus on relevant information directly related to the incident.
Incident documentation should include relevant details like time, description, and response actions. Unrelated employee names are not relevant.
Which of the following incident documentation examples shows the best quality?
Example 1: "An attack happened. We fixed it quickly."
Example 2: "On March 10 at 2:00 PM, a phishing email was detected targeting finance staff. The email was quarantined, and affected users were notified. No data was compromised."
Example 3: "There was a problem with the system. IT looked into it."
Example 4: "Incident occurred. Details unknown."
Look for clear, specific, and complete information.
Example 2 provides detailed, clear, and relevant information including time, nature of incident, actions taken, and outcome, which is best practice.
Which format is generally more effective for incident documentation and why?
Consider what helps teams review and learn from incidents easily.
Structured templates help ensure all important information is captured consistently, making documentation easier to understand and use.
What is the most likely consequence of poor incident documentation in a cybersecurity breach?
Think about how documentation helps learning and prevention.
Poor documentation means teams lack clear records to learn from, which can cause repeated errors and delays in handling future incidents.