CompTIA CySA+ (CS0-001) — Question 7

A security analyst is adding input to the incident response communication plan. A company officer has suggested that if a data breach occurs, only affected parties should be notified to keep an incident from becoming a media headline. Which of the following should the analyst recommend to the company officer?

Answer options

• A. The first responder should contact law enforcement upon confirmation of a security incident in order for a forensics team to preserve chain of custody.
• B. Guidance from laws and regulations should be considered when deciding who must be notified in order to avoid fines and judgements from non-compliance.
• C. An externally hosted website should be prepared in advance to ensure that when an incident occurs victims have timely access to notifications from a non- compromised recourse.
• D. The HR department should have information security personnel who are involved in the investigation of the incident sign non-disclosure agreements so the company cannot be held liable for customer data that might be viewed during an investigation.

Correct answer: A

Explanation

The correct answer is A because contacting law enforcement ensures that a proper investigation can take place and that evidence is preserved, which is crucial in the event of a data breach. The other options, while relevant to incident response, do not directly address the immediate need to involve law enforcement and ensure proper handling of the incident.