If an organization considers taking legal action on a security incident, the information security manager should focus PRIMARILY on:

If an organization considers taking legal action on a security incident, the information security manager should focus PRIMARILY on:

If an organization considers taking legal action on a security incident, the information security manager should focus PRIMARILY on:

A.
obtaining evidence as soon as possible.

B.
preserving the integrity of the evidence.

C.
disconnecting all IT equipment involved.

D.
reconstructing the sequence of events.

Explanation:
The integrity of evidence should be kept, following the appropriate forensic techniques to obtain the evidence and a chain of custody procedure to maintain the evidence (in order to be accepted in a court of law). All other options are part of the investigative procedure, but they are not as important as preserving the integrity of the evidence.

Show Hint

Leave a Reply 0

Your email address will not be published. Required fields are marked *