Upon discovering a data breach involving unauthorized access to the customer records system, what is the PRIMARY action the security team should focus on according to standard security protocols?
Immediately isolate affected systems to stop the spread of the breach.
Prioritize the review of security logs to trace the origin of the attack.
Start documenting the details of the breach and response actions taken.
Notify the company's legal team and prepare for public disclosure.
The initial focus in the event of a security breach should be to limit the damage and prevent further compromise. This is achieved by containing the threat, thereby stopping the incident from affecting additional resources. While documenting the events and notifying appropriate parties are also important, these actions occur after the immediate threat has been controlled to prevent exacerbation of the situation. Analyzing logs is part of the subsequent investigation and not the immediate concern when a breach is in progress.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is isolating affected systems the priority during a data breach?
Open an interactive chat with Bash
What standard security protocols should be followed after isolating systems?
Open an interactive chat with Bash
What are security logs, and why are they important in breach investigations?