A person in your security team calls you at night and informs you that one of your web applications is potentially under attack from a cross-site scripting vulnerability. What do you do?
A. tell him to shut down the server
B. tell him to call the police
C. tell him to invoke the incident response process
D. tell him to analyze the problem, preserve the evidence and provide a full analysis and report
Incident Response Process: EC-Council CISO emphasizes that security incidents, especially potential attacks, should immediately trigger the organization’s Incident Response (IR) process. This ensures a systematic, timely, and controlled reaction.
Steps to Take:
Activate the IR process to triage the issue.
Confirm the vulnerability (cross-site scripting) and assess its potential impact.
Preserve evidence and log all activities for forensic and reporting purposes.
Why Not Other Options:
Shutting down the server (A) may disrupt services unnecessarily and destroy critical evidence.
Contacting law enforcement (B) is premature without confirming the attack.
Analyzing the issue and providing a report (D) is part of the IR process but not the immediate next step.
EC-Council CISO Guidance: Following a structured IR process minimizes chaos, ensures evidence preservation, and aligns with best practices in incident management.