CompTIA CASP+ (CAS-004) — Question 366

A Chief Information Security Officer (CISO) received a call from the Chief Executive Officer (CEO) about a data breach from the SOC lead around 9:00 a.m. At 10:00 a.m. The CEO informs the CISO that a breach of the firm is being reported on national news. Upon investigation, it is determined that a network administrator has reached out to a vendor prior to the breach for information on a security patch that failed to be installed. Which of the following should the CISO do to prevent this from happening again?

Answer options

• A. Properly triage events based on brand imaging and ensure the CEO is on the call roster.
• B. Create an effective communication plan and socialize it with all employees.
• C. Send out a press release denying the breach until more information can be obtained.
• D. Implement a more robust vulnerability identification process.

Correct answer: B

Explanation

The correct answer is B, as creating an effective communication plan ensures that all employees are aware of protocols related to breaches, which can help prevent misinformation and improve response times. Option A, while important, focuses more on branding than on internal communication processes. Option C is not advisable as it could lead to a lack of transparency. Option D, while beneficial, does not directly address the communication failures that led to the breach being publicized before proper internal measures were taken.