Incident Management Policy and Security Report Quiz

Creating a verified copy of log files using a write-blocking tool

Deleting log files after extraction

Sharing log files without verification

Modifying log files to fit the investigation

To prove the data has not been altered

To make files easier to access

To reduce file size

To encrypt the files for security

It should be isolated and preserved for forensic examination

It should be immediately replaced

It should be left operating as usual

It should be upgraded to the latest model

The footage could be permanently lost if not exported and preserved promptly

The footage will automatically be backed up

The footage will be encrypted for security

The footage will be made public

Implement a formal digital evidence handling procedure

Establish a formal out-of-hours response arrangement

Require immediate isolation of affected hardware

Increase the number of legal staff during weekdays

To ensure evidence is collected consistently regardless of which technician is on duty

To allow evidence to be accessed by anyone at any time

To reduce the number of incidents occurring at weekends

To make evidence handling less formal

To handle visitor-facing communications

To extract digital evidence

To authorize containment actions

To calculate cryptographic hashes

Guidance on how to handle digital evidence

Instructions for contacting customers

Steps for freezing accounts

Procedures for reviewing CCTV footage

Only if the breach occurs during business hours

When there is a high risk to individuals' rights and freedoms

After the Head Office is informed

Only if Legal and PR agree

Assess whether affected individuals need to be notified, in consultation with Legal

Only notify Legal and PR

Wait for customer complaints before acting

Notify customers only after business hours