An organization's incident response (IR) policy should be approved by which of the following to ensure authority and accountability?
Trap 1: The incident response manager
The IR manager implements the policy but does not have authority to approve it.
Trap 2: The legal counsel
Legal counsel advises but does not approve the policy.
Trap 3: The IT director
The IT director may be involved but lacks enterprise-wide authority.
- A
The incident response manager
Why wrong: The IR manager implements the policy but does not have authority to approve it.
- B
The legal counsel
Why wrong: Legal counsel advises but does not approve the policy.
- C
The IT director
Why wrong: The IT director may be involved but lacks enterprise-wide authority.
- D
The board of directors or executive management
Senior management approval ensures policy authority and resource commitment.