Certified Incident Handler (CIH) Practice Ecam

What practice should an incident handler implement to handle web application security incidents safely?

• A. Maintain an inventory of organizational IT Infrastructure
• B. Create a blacklist of all legitimate IP addresses
• C. Allow unrestricted access to web applications
• D. Rely on user feedback for security measures

The correct answer is: Maintain an inventory of organizational IT Infrastructure

Maintaining an inventory of organizational IT infrastructure is a crucial practice for an incident handler when managing web application security incidents. This inventory provides a comprehensive understanding of the assets within the organization, including servers, applications, databases, and other critical components. Having detailed knowledge about the infrastructure helps incident handlers respond effectively to security incidents by identifying which system might be affected, what vulnerabilities could be exploited, and the scope of potential damage. This practice enables quicker identification and isolation of impacted systems, ensures that all relevant data and resources are secured during an incident, and facilitates an informed incident response strategy. Additionally, an updated inventory assists in risk assessment and future planning by highlighting dependencies and potential points of failure within the IT ecosystem. In contrast, other options do not contribute effectively to safely handling web application security incidents. Creating a blacklist of legitimate IP addresses is a reactive approach that may not adequately defend against new threats. Allowing unrestricted access to web applications severely compromises security and increases vulnerability. Relying on user feedback for security measures can lead to incomplete or misguided information, as users may not always be aware of the underlying security requirements or potential threats.