During an incidence response, it is quite possible that not all SOC members will be engaged simultaneously in the activity. What could be the reason for this variation?
- The SOC is understaffed on purpose to avoid high staffing costs.
- Incidence response is not recognized as a critical SOC activity.
- To adhere to internationally recognized procedures and standards
- Other attacks may be occurring simultaneously by the same or different bad actors that some SOC members may be assigned to monitor.
| Explanation & Hint:
The reason for the variation in SOC members’ engagement during an incident response is: Other attacks may be occurring simultaneously by the same or different bad actors that some SOC members may be assigned to monitor. Incident response often involves prioritizing and addressing multiple security incidents, and it’s not uncommon for different SOC members to be assigned to monitor and respond to different incidents simultaneously. This variation in workload is due to the dynamic nature of cybersecurity threats and the need to address multiple incidents as they occur. |