Certified Chief Information Security Officer (CCISO) — Question 94

Scenario: Your corporate systems have been under constant probing and attack from foreign IP addresses for more than a week. Your security team and security infrastructure have performed well under the stress. You are confident that your defenses have held up under the test, but rumors are spreading that sensitive customer data has been stolen and is now being sold on the Internet by criminal elements.
During your investigation of the rumored compromise, you discover that data has been breached and that the repository of stolen data is on a server located in a foreign country. Your team now has full access to the data on the foreign server.
What action should you take FIRST?

Answer options

• A. Consult with other executives to develop an action plan
• B. Contract with a credit reporting company for paid monitoring services for affected customers
• C. Contact your local law enforcement agency
• D. Destroy the repository of stolen data

Correct answer: A

Explanation

The correct answer is A because consulting with other executives is essential to devise a coordinated response plan that addresses the breach and its implications. Options B and D, while important, should come after establishing a strategic plan, and contacting law enforcement (Option C) is also crucial but should be done in conjunction with the initial action of formulating an action plan.