1 vote
Tommy is the CSIRT team leader for his organization and is responding to a newly discovered security incident. What document is most likely to contain step-by-step instructions that he might follow in the early hours of the response effort?

A. Policy
B. Baseline
C. Playbook
D. Textbook

1 Answer

1 vote
Final answer:

In the early hours of a security incident, Tommy, the CSIRT team leader, would most likely follow a Playbook; it contains pre-arranged, actionable steps for incident response. Policies, Baselines, and Textbooks serve different purposes and wouldn't typically provide immediate action steps for handling an incident.

Step-by-step explanation:

When Tommy, the CSIRT (Computer Security Incident Response Team) team leader for his organization, is responding to a newly discovered security incident, he is most likely to follow a document known as a Playbook. A playbook contains detailed response plans and step-by-step instructions that are crucial for the early hours of a security incident response effort. These documents provide structured, pre-planned procedures that can be rapidly executed to manage and mitigate the impacts of a security incident.

Other documents such as a Policy generally outline the organization's overall security stance, rules, and expectations but don't provide granular procedures. A Baseline defines the minimum level of security that systems must meet, while a Textbook is an educational resource that may inform strategy development but wouldn't be used in an active incident response. Tommy will benefit most from the playbook for its operational usefulness during the critical initial phase of incident management.

by User SkyTreasure (8.2k points)