A security analyst is triaging several security events. During an incident response, which of the following findings would MOST likely require immediate communication with the organization's legal team?
A denial-of-service (DoS) attack that temporarily disrupts a public-facing website.
An incident involving the potential breach of sensitive customer data.
An employee's violation of the acceptable use policy by installing unapproved software.
The discovery of a new malware variant on a single, isolated workstation.
The correct answer is the incident involving a potential breach of sensitive customer data. Such incidents carry significant legal and regulatory exposure: mandatory breach notification laws (GDPR, for example, requires notifying the supervisory authority within 72 hours of becoming aware of a breach; CCPA and the various U.S. state breach laws impose their own notice obligations), potential litigation, and regulatory fines. Legal counsel must be involved early to manage liability, ensure compliance with notification deadlines, direct evidence preservation, and guide the response under attorney-client privilege.
The other incidents, while serious, do not carry the same immediate legal trigger. A DoS attack is primarily a business continuity issue unless it is part of an extortion attempt or the organization has contractual availability obligations. Malware contained on a single isolated workstation is a technical matter for the response team to remediate. An AUP violation is typically an HR matter before it becomes a legal one.