Which of the following should an information security manager do FIRST after learning through mass media of a data breach at the organization's hosted payroll service provider?
A. Suspend the data exchange with the provider.
B. Notify appropriate regulatory authorities of the breach.
The first thing an information security manager should do after learning through mass media of a data breach at the organization's hosted payroll service provider is to validate the breach with the provider. This means contacting the provider directly and confirming the details and scope of the breach, such as when it occurred, what data was compromised, and what actions the provider is taking to mitigate the impact. Validating the breach with the provider can help the information security manager assess the situation accurately and plan the next steps accordingly. The other options, such as suspending the data exchange, notifying regulatory authorities, or initiating the business continuity plan, may be premature or unnecessary before the breach has been validated with the provider.