If an organization considers taking legal action on a s…

If an organization considers taking legal action on a security incident, the information security manager should
focus PRIMARILY on:

If an organization considers taking legal action on a security incident, the information security manager should
focus PRIMARILY on:

A.
obtaining evidence as soon as possible.

B.
preserving the integrity of the evidence.

C.
disconnecting all IT equipment involved.

D.
reconstructing the sequence of events.

Explanation:

The integrity of evidence should be kept, following the appropriate forensic techniques to obtain the evidence and a chain of custody procedure to maintain the evidence (in order to be accepted in a court of law). All other options are pan of the investigative procedure, but they are not as important as preserving the integrity of the evidence.



Leave a Reply 0

Your email address will not be published. Required fields are marked *