When a significant security breach occurs, what should be reported FIRST to senior management?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
When reporting an incident to senior management, the initial information to be communicated should include an explanation of what happened and how the breach was resolved.
A summary of security logs would be too technical to report to senior management.
An analysis of the impact of similar attacks and a business case for improving controls would be desirable; however, these would be communicated later in the process.
When a significant security breach occurs, it is important to report it immediately to senior management so that appropriate actions can be taken to mitigate the impact of the breach. However, the first piece of information that should be reported to senior management may vary depending on the situation.
Out of the given options, option B, "An explanation of the incident and corrective action taken," should be reported FIRST to senior management. This is because senior management needs to be aware of the details of the security breach, including the scope and severity of the incident, in order to assess the risk and take appropriate actions to address the issue.
Additionally, providing information about the corrective actions taken will demonstrate that the organization is taking the necessary steps to address the issue and prevent future incidents. This information can also help to inform senior management's decision-making process, such as determining whether to report the incident to external parties such as customers, partners, or regulators.
While options A, C, and D are all important pieces of information that should be provided to senior management, they are not the first priority when reporting a significant security breach. Option A, "A summary of the security logs that illustrates the sequence of events," can provide additional context to the incident and help to identify the cause of the breach. Option C, "An analysis of the impact of similar attacks at other organizations," can provide useful information for risk management and prevention strategies. Option D, "A business case for implementing stronger logical access controls," can inform future security planning and investment decisions. However, these pieces of information should be provided after the incident has been fully explained and addressed.