CompTIA CySA+ (CS0-003) — Question 134

An organization discovered a data breach that resulted in PII being released to the public. During the lessons learned review, the panel identified discrepancies regarding who was responsible for external reporting, as well as the timing requirements. Which of the following actions would best address the reporting issue?

Answer options

• A. Creating a playbook denoting specific SLAs and containment actions per incident type
• B. Researching federal laws, regulatory compliance requirements, and organizational policies to document specific reporting SLAs
• C. Defining which security incidents require external notifications and incident reporting in addition to internal stakeholders
• D. Designating specific roles and responsibilities within the security team and stakeholders to streamline tasks

Correct answer: B

Explanation

The correct answer, B, focuses on understanding the legal and organizational requirements for reporting, which is essential for compliance and effective communication. While options A, C, and D are valuable for incident management, they do not directly address the need for documenting specific SLAs related to external reporting, which is crucial in this scenario.