At a meeting, the systems administrator states the security controls a company wishes to implement seem excessive, since all of the information on the company's web servers can be obtained publicly and is not proprietary in any way.
The next day the company's website is defaced as part of an SQL injection attack, and the company receives press inquiries about the message the attackers displayed on the website.
Which of the following is the FIRST action the company should take?
Click on the arrows to vote for the correct answer
A. B. C. D. E.A.
The correct answer to the question is A. Refer to and follow procedures from the company's incident response plan.
Explanation:
When an organization experiences a security breach, the first action they should take is to refer to and follow the procedures outlined in their incident response plan. An incident response plan is a set of procedures that an organization follows when it experiences a security incident. This plan defines the roles and responsibilities of the incident response team and provides guidelines for how the team should respond to the incident.
In the scenario presented in the question, the company has experienced a security breach, and therefore, it is essential to follow the incident response plan. This plan will outline the specific steps that the company should take to contain the breach, mitigate the damage caused, and prevent further attacks from occurring. The incident response plan may include procedures such as isolating affected systems, identifying the root cause of the breach, and notifying relevant stakeholders.
Option B is incorrect because calling a press conference at this stage may cause more harm than good. It is essential to first contain the breach and mitigate the damage before making any public statements.
Option C is also incorrect because establishing a chain of custody is part of the forensic analysis process, which should occur after the incident has been contained.
Option D is also incorrect because conducting a detailed forensic analysis of the compromised system is an important step but should occur after the incident has been contained and the damage has been mitigated.
Option E is also incorrect because informing the communications and marketing department of the attack details should occur after the incident has been contained and the damage has been mitigated.
In summary, the company should follow its incident response plan as the first step to contain the breach, mitigate the damage, and prevent further attacks.