Following a breach, what is the BEST source to determine the maximum amount of time before customers must be notified that their personal information may have been compromised?
After a security breach, you don't look at industry regulations, you go and find out the time required from the incident response plan. But in the first place, this information enters the incident response plan from industry regulations
C. is correct: “Following a breach ,..” is the key phrase here. It is about the best source for an urgent operational action and not about which is the best source to create the incident response plan. A Google search with operator 'site:isaca.org' and search term 'incident response plan' gives us an ISACA QAE compliant answer. An incident response plan has to be created according to different ‘incident response models’ depending on the industry. In other words, by the time the operational issue arises, the industry-related regulations have long been integrated into the incident response plan and the only thing left to do is to act accordingly. And the best source for this at the time of "following a breach..." is the incident response plan.
I think the source is the incident response plan. While dealing with an incident do you want to look up breach notification research, best practices, industry standards and my not be right for your company.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
musat
3 months, 3 weeks agoanaluisamoreira
4 months, 3 weeks ago46080f2
5 months, 3 weeks agokGiGa
12 months agostarzuu
1 year, 4 months agoAliHamza
1 year, 4 months ago3008
1 year, 5 months agoItsBananass
1 year, 5 months agoItsBananass
1 year, 5 months agotesthongbrian
1 year, 7 months agoEric0223
1 year, 9 months agoJulianleehk
2 years, 1 month agoMunaM
2 years, 2 months ago