After discovering that attackers exfiltrated sensitive customer data, an organization's incident-response team activates its crisis-communication plan. The chief information security officer asks the public relations (PR) unit to carry out its primary duty under the plan.
Which activity BEST falls within the PR unit's responsibility during this phase of the incident?
Directing containment and eradication actions on compromised servers
Drafting press releases and media talking points to inform external audiences
Creating forensic disk images and maintaining chain-of-custody records
Determining whether the breach meets statutory reporting thresholds and deadlines
The PR unit's core responsibility is external communication-preparing and releasing clear, accurate messages for customers, investors, and the news media so the organization can control the public narrative and preserve trust. Determining statutory reporting thresholds is handled by legal/compliance teams, containment and eradication are technical IR tasks, and collecting forensic images is the job of digital-forensics personnel, not public relations.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are the key responsibilities of public relations during a cybersecurity incident?
Open an interactive chat with Bash
Why is transparency important in public relations during a cybersecurity incident?
Open an interactive chat with Bash
How does public relations differ from other teams involved in a cybersecurity incident?