What is the FIRST thing the incident response manager should do?

A possible breach of an organization’s IT system is reported by the project manager. What is the
FIRST thing the incident response manager should do?

A possible breach of an organization’s IT system is reported by the project manager. What is the
FIRST thing the incident response manager should do?

A.
Run a port scan on the system

B.
Disable the logon ID

C.
Investigate the system logs

D.
Validate the incident

Explanation:

When investigating a possible incident, it should first be validated. Running a port scan on the
system, disabling the logon IDs and investigating the system logs may be required based on
preliminary forensic investigation, but doing so as a first step may destroy the evidence.



Leave a Reply 0

Your email address will not be published. Required fields are marked *