Master 47 Cyber Security interview questions covering threat analysis, incident response, and security frameworks.
Question 4 of 47

Tom Dushaj is a business and technology executive and the author of 'Resumes That Work.' Tom has vast experience providing solutions to Fortune 500 companies in the areas of Information Technology Consulting, ERP Software, Personnel Management, and Intern
First of all, all companies should have a Cyber Security Incident Response Plan. If you've worked in Information Security for any amount of time, you should be familiar with Incident Response. An incident response plan will probably include the following components: A.) An Incident Response Team, B.) A Workforce Continuity Plan, and C.) A summary or inventory of tools and technologies within the environment. An interviewer will likely want to know which part of the Incident Response plan you are responsible for if a cyber attack happens or a critical security event is detected.

"At my current company, I was intimately involved in the development of our Cyber Security Incident Response Plan. I was responsible for overseeing the planning strategy, as well as the operational and tactical execution of the Incident Response plan. As per our company policy, we followed the NIST - Computer Security Incident Handling Guide. Here's a breakdown of the structure of the plan that I helped develop:
1.) Detection and Analysis - Includes everything from monitoring potential attacks to looking for signs of an incident.
2.) Train staff on detection, containment, eradication, and recovery.
3.) Identifying the source of potential attacks.
4.) Containment and recovery - This involves disabling network/systems access and installing security patches to resolve vulnerabilities.
5.) Assess the damage."

"It was important for me to be part of the containment and incident response team since I was directly involved in the creation of this team and plan. One of the many things that I took part in was examining past incident reports and lessons learned so that we could prevent similar incidents from happening in the future. I also reviewed and updated alert levels and investigated where possible single points of failure could happen. I wrote a service restoration document that included two critical steps:
1.) Perform a network/systems health check for validation to confirm that all systems are operational.
2.) Assess the damage and severity to determine the cause of the incident."

William Swansen has worked in the employment assistance realm since 2007. He is an author, job search strategist, and career advisor who helps individuals worldwide and in various professions to find their ideal careers.
Give some thought to how you would respond to this question. We suggest you give the interviewer some insight into how the plan was developed and whether you had any involvement or input in putting it together. This tells the interviewer that you were an instrumental part of the process, from planning through execution. Make sure to include a description of which parts of the plan you are responsible for if an incident occurs.


Written by William Swansen
47 Questions & Answers • Cyber Security
