A coordinated procedure helps stop further disclosures and gather evidence for an investigation. Activating a response plan and preserving logs enables methodical containment and documentation. Notifying law enforcement might be appropriate at a later stage, based on incident severity and organizational procedure. Revoking credentials in relevant areas should be guided by evidence and access logs to avoid damaging normal operations. Shutting down affected servers might remove evidence and could delay recovery if not done systematically.