An organization has verified that its customer information was recently exposed. Which of the following is the FIRST step a security manager should take in this situation?
A.
Inform senior management.
B.
Determine the extent of the compromise.
C.
Report the incident to the authorities.
D.
Communicate with the affected customers.
Explanation:
Before reporting to senior management, affected customers or the authorities, the extent of the exposure needs to be assessed.