CompTIA CySA+ (CS0-003) — Question 21

A company’s security team is updating a section of the reporting policy that pertains to inappropriate use of resources (e.g., an employee who installs cryptominers on workstations in the office). Besides the security team, which of the following groups should the issue be escalated to first in order to comply with industry best practices?

Answer options

• A. Help desk
• B. Law enforcement
• C. Legal department
• D. Board member

Correct answer: C

Explanation

The correct answer is C, the Legal department, because they can provide guidance on the legal implications of the inappropriate use of resources and ensure compliance with regulations. The Help desk (A) typically handles technical issues, Law enforcement (B) would be involved only if there is criminal activity, and Board members (D) may not be directly involved in the initial handling of such policy violations.