Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

PECB Exam Lead-Cybersecurity-Manager Topic 5 Question 3 Discussion

Actual exam question for PECB's ISO/IEC 27032 Lead Cybersecurity Manager exam
Question #: 3
Topic #: 5
[All ISO/IEC 27032 Lead Cybersecurity Manager Questions]

Scenario 8: FindaxLabs is a financial institution that offers money transfers services globally The company Is known for quick money transfers at a low cost. To transfer money, users register with their email addresses and submit a photo of their ID card for identity verification. They also need to provide the recipient s bank account details alongside their own bank account details. Users can track the transfer through their accounts, either from the website or mobile app. As the company operates in a highly sensitive industry, it recognizes the importance of ensuring cybersecurity. As such, FindaxLabs has addressed its cybersecurity concerns through its business continuity plan.

Nevertheless, a few months ago, FindaxLabs detected suspicious activity on its network and realized that it was being attacked The attackers tried to gain access to customer information. Including emails, bank account numbers, and records of financial transactions. Upon receiving the alert, the incident response team responded swiftly Following the ICT readiness for business continuity (IRBC) policy and procedures, they immediately took down the communication channels to the server and went offline. Subsequently, they conducted vulnerability testing and network scanning, but did not identify any other backdoors. After dodging this attack, the company completely changed its approach toward cyber threats. Consequently, cybersecurity became one of their highest priorities.

FindaxLabs established a more comprehensive cybersecurity incident management plan based on its cybersecurity Incident management policy 10 effectively handle and mitigate future incidents and vulnerabilities. The cybersecurity incident management plan outlined a structured approach based on industry best practices and included various phases of the incident response process

The company also created a post-incident report to evaluate the effectiveness of their response capabilities and identify areas for improvement It documented all relevant information related to the incident, such as category, priority, status, and actions taken to resolve it Based on this documentation, it defined the IRBC activities that helped them respond to and recover from disruptions, creating an IRBC timeline. The timeline consisted of three main stages: incident detection, response, and recovery. The company evaluated whether IRBC objectives were met for each phase. Through this evaluation, they determined that improved collaboration between business managers and ICT staff, as well as the implementation of preventive measures such as antivirus and firewalls, would have provided layered protection and better integration of cybersecurity into the business continuity strategy.

Based on the scenario above, answer the following question:

Based on scenario 8, has FindaxLabs completed the "Do" phase of the Plan-Do-Check-Act cycle In IRBC?

Show Suggested Answer Hide Answer
Suggested Answer: A

Based on the scenario, FindaxLabs has completed the 'Do' phase of the Plan-Do-Check-Act (PDCA) cycle in IRBC. They implemented and operated the IRBC policy and procedures during the incident response, conducting actions such as taking down communication channels, performing vulnerability testing, and documenting the incident. This phase involves executing the planned actions to ensure ICT readiness and manage incidents effectively, as outlined in ISO/IEC 22301, which provides a framework for business continuity management systems, including the implementation and operation of continuity procedures.


Contribute your Thoughts:

Elli
1 months ago
I don't think so, the scenario only mentions that they have established and implemented the policies.
upvoted 0 times
...
Jesusita
1 months ago
Well, this scenario is more complex than finding my car keys. I'm going to go with A, but I'm keeping an eye out for any hidden 'socks' in the details.
upvoted 0 times
Brice
4 days ago
User 1: I think FindaxLabs has completed the 'Do' phase of the Plan-Do-Check-Act cycle.
upvoted 0 times
...
...
Felix
1 months ago
But do you think they have assessed the IRBC policies and reported the results to management?
upvoted 0 times
...
Wilbert
1 months ago
Ha! 'FindaxLabs' - sounds like a lab that specializes in finding lost socks. Anyway, I reckon B is the right answer. They've assessed the IRBC policies and reported the results, but the 'Do' phase is still a work in progress.
upvoted 0 times
...
Edna
1 months ago
I agree with Elli, they have implemented and operated the IRBC policy and procedures.
upvoted 0 times
...
Whitley
1 months ago
Hmm, I'm not so sure. The scenario mentions they established a more comprehensive cybersecurity incident management plan, but it doesn't explicitly say they've implemented it. I'm going with C.
upvoted 0 times
Nelida
14 days ago
Yeah, it's better to be cautious in this situation. Cybersecurity is crucial.
upvoted 0 times
...
Elinore
20 days ago
I agree with you. It seems like they have the plan in place but may not have fully put it into action yet.
upvoted 0 times
...
Frederica
25 days ago
I think they have only established the IRBC policy and procedures, but not implemented them. So, I'll go with C.
upvoted 0 times
...
...
Elli
1 months ago
I think FindaxLabs has completed the 'Do' phase of the Plan-Do-Check-Act cycle.
upvoted 0 times
...
Tiera
2 months ago
I think the correct answer is A. The scenario clearly states that the incident response team responded swiftly and followed the IRBC policy and procedures, indicating that the 'Do' phase has been completed.
upvoted 0 times
Marshall
25 days ago
I agree with you. The incident response team did take immediate action.
upvoted 0 times
...
Ozell
29 days ago
A) Yes, the IRBC policy and procedures are implemented and operated
upvoted 0 times
...
William
1 months ago
Yes, the 'Do' phase of the Plan-Do-Check-Act cycle in IRBC has been completed.
upvoted 0 times
...
Bettina
1 months ago
I agree, the incident response team did act swiftly and followed the IRBC policy and procedures.
upvoted 0 times
...
...

Save Cancel