After identifying an active security breach that involves stolen customer payment information, what is the FIRST step the incident response team should take in terms of communication with law enforcement agencies?
Immediately inform law enforcement to assist with the investigation.
Start an internal investigation without informing law enforcement to avoid legal scrutiny.
Declare the incident to the appropriate organizational authorities and then reach out to law enforcement.
Publicly announce the breach to warn other organizations before contacting law enforcement.
Incident declaration to an organization's internal authorities is the first step that should be taken before communicating with outside agencies such as law enforcement in the event of a security breach. This ensures that proper internal procedures are met and that there is managerial oversight of the information being handed over to law enforcement. Contacting law enforcement without the knowledge of the appropriate organizational authorities can lead to miscommunication and potentially complicate the legal processes.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is it important to declare the incident to internal authorities first?
Open an interactive chat with Bash
What are the risks of contacting law enforcement before internal authorities?
Open an interactive chat with Bash
What are the roles of organizational authorities during a security breach?