Multiple choice1 / 15
An organization has never established a Computer Security Incident Response Team, written playbooks, or deployed SIEM/IDS tooling. When a ransomware event occurs, responders must invent procedures in real time. Which NIST SP 800-61 phase most directly accounts for the failure?