During an ongoing investigation of a security breach, it is determined that sensitive customer data has been illegally accessed and exfiltrated by an external party. As part of the incident response team, you are tasked with the responsibility of communicating with law enforcement. What information should you prioritize in your initial report to the authorities to aid their investigation effectively?
A detailed compilation of evidence such as logs and disk images
A comprehensive root cause analysis outlining potential internal faults
Metrics such as mean time to detect and respond to the incident
An executive summary of the incident, highlighting who, what, when, where, and why details
The initial report to law enforcement should prioritize providing the 'Who, what, when, where, and why' details of the incident. This information creates a foundational understanding of the breach and supports legal investigations. While evidence is crucial for in-depth investigation and root cause analysis is essential for understanding the cause, they are usually provided after the initial report as part of ongoing communication and detailed technical reports.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are the critical components of an executive summary for law enforcement?
Open an interactive chat with Bash
Why is it essential to provide the initial details before evidence in an incident report?
Open an interactive chat with Bash
What role does ongoing communication play in the incident response process?