What is not a primary element of an incident response policy?
- penetration testing requirements
- getting buy-in from senior management
- the missions, strategies, and goals of the organization
- how the incident response team will communicate with the other teams
Explanation & Hint:
A primary element that is not typically included in an incident response policy is penetration testing requirements. While penetration testing is an important aspect of cybersecurity, it is generally not a component of an incident response policy. Instead, penetration testing is more aligned with proactive security measures and vulnerability assessments, which are separate from the reactive and managerial elements typically addressed in an incident response policy. The other options listed – getting buy-in from senior management, outlining the mission, strategies, and goals of the organization, and defining how the incident response team will communicate with other teams – are all crucial elements of an effective incident response policy. |