During the monitoring phase, an anomaly is detected in the network traffic pattern indicating potential exfiltration of sensitive data. The security analyst observes a consistent high volume of outbound traffic heading to an unusual external IP address. What should the analyst do FIRST in accordance with incident declaration and escalation practices?
Draft an executive summary of the event to be distributed to all employees to ensure company-wide awareness.
Follow the organizational incident response plan to determine if the observed activity meets the criteria for incident declaration and escalate as required.
Contact law enforcement for immediate investigation before taking any internal response measures.
Immediately disconnect the network to prevent further potential data loss without validating the incident.
Upon detection of anomalies that suggest a security incident, the analyst should first follow the organizational incident response plan to determine if the observed activity meets the criteria for declaring an incident. Once confirmed that it meets the threshold, the incident should be escalated according to the plan, ensuring that the relevant stakeholders are alerted and the appropriate response activities commence.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.