A company has become aware of a potential data breach that may have exposed sensitive customer information. In anticipation of possible litigation, which of the following actions is the BEST to ensure proper preservation of electronic evidence?
Prepare and distribute a legal hold notice to appropriate personnel, and suspend any automated data deletion or overwriting policies.
Isolate the affected network segment to prevent further unauthorized access and contain the breach.
Take regular system backups to ensure any deleted files can be recovered during the investigation process.
Limit access to the compromised systems exclusively to members of the legal team until the situation is resolved.
Placing affected systems and related evidence under a legal hold is crucial when litigation is expected. This process ensures that all potential evidence is preserved in its current state and that no data is destroyed or altered. Enforcing legal holds typically includes suspending automated data deletion policies and ensuring that any relevant backups or archives are also preserved. Taking regular backups, limiting access to the legal team, or isolating the network segment are important incident response actions but do not directly address the preservation of evidence as dictated by a legal hold.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a legal hold notice?
Open an interactive chat with Bash
Why is it important to suspend automated data deletion policies during a legal hold?
Open an interactive chat with Bash
What are the consequences of not following a legal hold process?