An event that poses a threat to the business information, in regard to its confidentiality, integrity & availability

When an incident is detected or suspected, what is the first action that should take place?

When an initial assessment of the event takes place, what is the first thing to identify?

When should the removal and secure storage of original hard disks take place?

Who should be contacted before notifying any external agencies?

What name is given to the team that needs to be assembled as part of the IR policy?