Exam CISM topic 1 question 373 discussion

Actual exam question from Isaca's CISM
Question #: 373
Topic #: 1

An organization that has outsourced its incident management capabilities just discovered a significant privacy breach by an unknown attacker. Which of the following is the MOST important action of the information security manager?

  • A. Follow the outsourcer's response plan
  • B. Refer to the organization's response plan
  • C. Notify the outsourcer of the privacy breach
  • D. Alert the appropriate law enforcement authorities
Suggested Answer: B

Comments

MyKasala
Highly Voted 2 years, 1 month ago
Selected Answer: B
I think B
upvoted 8 times
...
Josef4CISM
Most Recent 1 month, 3 weeks ago
Selected Answer: B
B is right: Although the organization outsourced the process, the organization is still accountable for the breached data. Therefore, it should activate its own IR plan, which should include IR activities together with the vendor.
upvoted 2 times
...
e891cd1
8 months, 3 weeks ago
B. Referring to the organization's plan might be to notify the outsourcer of the incident.
upvoted 1 times
...
d3fa4d2
10 months, 2 weeks ago
Selected Answer: B
Even though you notify the third party in this case, who else will be involved, the communication plan, and what comes next are all documented in the org's IR policy.
upvoted 1 times
...
AlexJacobson
1 year, 1 month ago
Selected Answer: C
I vote C. A privacy breach is a huge thing that elevates the incident to another level. Since the question states that the company has outsourced its entire incident management capabilities, the most important thing it should do is to communicate to its incident management provider that a privacy breach has occurred.
upvoted 4 times
Salilgen
1 year ago
C would be part of B. The reason you follow the organization's response plan is that it contains a series of steps on what to do. There may be an extra step such as notifying the CEO before contacting the outsourcer.
upvoted 1 times
...
...
Craftymartha
1 year, 4 months ago
The company has outsourced its incident management capabilities, so it wouldn't have an incident response plan; therefore the information security manager would notify the outsourcer of the privacy breach.
upvoted 1 times
...
oluchecpoint
1 year, 5 months ago
B. Refer to the organization's response plan. It is crucial for the organization's information security manager to refer to the organization's own incident response plan first. This plan should outline the specific procedures and processes that the organization has established to respond to security incidents, including privacy breaches. Following the organization's response plan ensures that the incident is handled in alignment with the organization's internal policies, legal requirements, and best practices.
upvoted 1 times
...
Agamennore
1 year, 6 months ago
Selected Answer: B
In my opinion it is B, because I assume that inside the response plan (if the company has outsourced the incident management services) there is the process to involve the supplier.
upvoted 2 times
...
richck102
1 year, 8 months ago
B. Refer to the organization's response plan
upvoted 1 times
...
wello
1 year, 9 months ago
Selected Answer: B
When faced with a significant privacy breach, the information security manager should first refer to the organization's own response plan to ensure a structured and effective response. Notifying the outsourcer of the privacy breach (option C) is an important step, as they may have a role in supporting the incident response efforts or have contractual obligations related to incident reporting. However, it should be done in accordance with the organization's own response plan and in a coordinated manner.
upvoted 1 times
...
Saisharan
1 year, 9 months ago
The organization should have its own response plan that outlines the specific steps and actions to be taken in the event of a privacy breach. This plan would provide guidance on how to handle the incident, including notifying the appropriate stakeholders, conducting an investigation, containing the breach, and implementing remedial measures. So Option B is the correct one.
upvoted 1 times
...
sedardna
1 year, 9 months ago
The plan's triggers may be external, but the plan belongs to the organization, no matter who manages it.
upvoted 1 times
...
Dravidian
1 year, 10 months ago
Selected Answer: B
Option B is the correct answer in my opinion, since C and D would be a part of the organization's incident response plan.
upvoted 1 times
...
dark_3k03r
1 year, 10 months ago
Selected Answer: B
The correct answer is (B) Refer to the organization's response plan. The first thing an organization should do is look at its incident response plan. Rationale: A. The organization cannot outsource its responsibility to another organization. C. The outsourcer should only be contacted once the organization has been prepared and has a plan. D. Alerting the appropriate law enforcement authorities should be part of the organization's incident response plan. This should be carefully evaluated, because once the organization calls the police the org loses control of the situation, and thus they should only be called once activated by the incident response plan.
upvoted 3 times
...
CarlPTY07
1 year, 12 months ago
Selected Answer: C
First let them know about the situation; they will follow their incident response plan (i.e., contact authorities).
upvoted 1 times
xcjxcj
12 months ago
So your choice is B?
upvoted 1 times
...
...
Broesweelies
2 years ago
Selected Answer: D
Notifying the outsourcer of the privacy breach is certainly important, but it is not the most critical action in this scenario. The most important action for the information security manager would be to alert the appropriate law enforcement authorities. The reason for this is that a significant privacy breach by an unknown attacker may be a criminal act and requires immediate attention from law enforcement. Furthermore, reporting the incident to law enforcement can also help the organization gather information about the attacker, prevent further damage, and ensure the incident is properly investigated and resolved.
upvoted 2 times
...
Community vote distribution: A (35%), C (25%), B (20%), Other