During an initial response to a cybersecurity incident, the incident response team must carefully manage communication with the media to prevent misinformation. Which action is most appropriate for the team to take?
Immediately hold a press conference to disclose all technical details known at the time.
Prepare an initial holding statement confirming the occurrence of an incident and that an investigation is underway.
Preemptively release potential patches or workarounds to the media before fully validating their effectiveness.
Assure the media that all customer data is secure without first verifying the full extent of the breach.
Preparing an initial holding statement allows the organization to confirm that an incident has occurred and that an investigation is underway, while providing no specific details that might be subject to change. A preemptive disclosure of technical details could be incorrect and damage the organization's credibility. Holding a press conference is generally not the first immediate action, and providing assurances about the safety of customer data is premature before the investigation confirms such details.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an incident response team and what are their roles?
Open an interactive chat with Bash
What should be included in an initial holding statement during a cybersecurity incident?
Open an interactive chat with Bash
Why is it important to avoid immediate disclosure of technical details to the media during an incident?