A suspected crime has been reported within your organization. Which of the following steps should the incident response team take first?

A.
Establish a procedure for responding to the incident.

B.
Call in forensics experts.

C.
Determine that a crime has been committed.

D.
Notify senior management.

Explanation:
C: When a suspected crime is reported, the incident response team should follow a set of predetermined steps to ensure uniformity in their approach
and make sure no steps are skipped. First, the incident response team should investigate the report and determine that an actual crime has been
committed. If the team determines that a crime has been carried out, senior management should be informed immediately. At this point, the company must
decide if it wants to conduct its own forensics investigation or call in external experts.
A is incorrect because a procedure for responding to an incident should be established before an incident takes place. Incident handling is commonly a
recovery plan that responds to malicious technical threats. While the primary goal of incident handling is to contain and mitigate any damage caused by an
incident and to prevent any further damage, other objectives include detecting a problem, determining its cause, resolving the problem, and documenting
the entire process.
B is incorrect because calling in a forensics team does not occur until the incident response team has investigated the report and verified that a crime
has occurred. Then the company can decide if it wants to conduct its own forensics investigation or call in external experts. If experts are going to be called
in, the system that was attacked should be left alone in order to try and preserve as much evidence of the attack as possible.
D is incorrect because the incident response team must first determine that a crime has indeed been carried out before it can notify senior management.
There is no need to alarm senior management if the report is false.