Because the scenario explicitly identifies that weaknesses in the organization's problem management approach were exposed by the breach, the immediately necessary corrective step is to strengthen that specific discipline by investigating the root causes of the recent incidents involved, in order to understand what underlying weaknesses allowed the breach to occur and to prevent similar breaches from recurring in the future, which is precisely the core function problem management exists to perform. Addressing the identified gap directly, rather than continuing to operate reactively, is the step that meaningfully improves the organization's posture going forward. Focusing only on resolving ongoing issues (B) describes incident management's symptom-focused, restore-service objective, which the scenario has already identified as insufficient on its own, since it does not address the deeper weaknesses in problem management the breach exposed. Referring to existing documentation on current incidents (C) is a passive, backward-looking review activity that does not constitute the active investigative work needed to identify and correct root causes going forward. Informing law enforcement (D) may be an appropriate and sometimes legally required action depending on the nature and jurisdiction of the breach, but it is a parallel legal and regulatory response track, not a technical corrective action addressing the specifically identified weakness in the organization's problem management practice. Investigating root causes is correct.
Reference topic: Managing the Data Protection Environment - Strengthening Problem Management After a Breach.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit