The IT Security Analyst for a small organization is working on a customer’s system and identifies a possible
intrusion in a database that contains PII. Since PII is involved, the analyst wants to get the issue addressed as
soon as possible. Which of the following is the FIRST step the analyst should take in mitigating the impact of
the potential intrusion?

A.
Contact the local authorities so an investigation can be started as quickly as possible.

B.
Shut down the production network interfaces on the server and change all of the DBMS account passwords.

C.
Disable the front-end web server and notify the customer by email to determine how the customer would liketo proceed.

D.
Refer the issue to management for handling according to the incident response process.