During an incident response, a cybersecurity analyst must prepare an executive summary for C-level executives. Which information is most appropriate to include to support executive decision-making?
Impact of the incident, including operational and financial implications
Detailed list of attacker tactics, techniques, and procedures
Comprehensive list of every affected system and user account
Line-by-line audit logs and raw intrusion-detection data
An effective executive summary presents a high-level overview of the incident that concentrates on business impact-such as operational disruption, financial loss, or reputational damage-plus any immediate next steps. Executives generally do not need detailed technical artifacts like full log files or attacker TTPs; they need to understand how the incident affects the organization so they can authorize resources and set priorities. Therefore, highlighting the incident's impact is the most useful content for this audience.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What specific types of impact should be included in the executive summary?
Open an interactive chat with Bash
What should be included in the 'Recommended Actions' section of the summary?
Open an interactive chat with Bash
Why should the executive summary avoid technical details like TTPs?