Who should be contacted FIRST in the event of a security breach?

A. Forensics analysis team
B. Internal auditors
C. Incident response team
D. Software vendors
Explanation:
A security breach is an incident and requires a response. The incident response team is better
equipped to deal with any incident because its procedures are designed for that purpose. Its procedures
for addressing incidents are: Preparation; Incident identification; Escalation and notification; Mitigation
steps; Lessons learned; Reporting; Recovery/reconstitution procedures; First responder; Incident isolation
(Quarantine; Device removal); Data breach; Damage and loss control.
Incorrect Answers:
A: Forensic analysis involves the evidence found in computers and on digital storage media. Incident
response encompasses forensics and refers to the process of identifying, investigating, repairing,
documenting, and adjusting procedures to prevent another incident.
B: Internal auditing is part of the job description of the incident response team when they document
and record the costs involved in addressing the incident.
D: Software vendors are only contacted when the incident response team deems it necessary. Thus the
first contact in the event of a security breach is the incident response team.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 429, 446