The correct first step in responding to a data breach, as emphasized in theWGU Cybersecurity Architecture and Engineering (KFO1 / D488)course material underIncident Responseprocedures, is tonotify affected users. This aligns with theContainment, Eradication, and Recoveryphase of theNIST Incident Response Lifecyclediscussed in the course content. Prompt notification is crucial to empower users to take immediate protective measures such as updating credentials or monitoring for identity theft.
While other actions like implementing access control policies or improving encryption are validpreventive or corrective controls, they are not theinitial response stepafter a breach is identified. Public announcements are typically handledafter internal assessmentsand legal compliance actions are underway.
Reference Extract from Study Guide:
“As soon as a breach affecting personal data is confirmed, organizations are obligated to notify impacted users in accordance with legal and ethical standards. Notification is part of the initial incident response phase and should occur immediately after verification of the breach.”
—WGU KFO1 / D488 Study Guide: Incident Handling and Response
=============================================
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit