INCIDENT RESPONSE PROCEDURES FOR
DATA BREACHES ACTUAL EXAM Q&A
TESTED AND APPROVED NEW MODIFIED
What actions should be taken immediately if theft by an employee is
suspected? -- ANSWER--Identify suspected parties, revoke all
privileges, change global or administrative passwords, back up logs,
and secure hardcopy evidence.
What types of materials could be compromised in an employee theft
incident? -- ANSWER--Credit card data, UserIDs and/or passwords,
proprietary information, and financial records.
What is the purpose of notifying relevant parties after a theft incident?
-- ANSWER--To inform them of the loss and any potential impacts.
What steps should be taken if credit card data is lost? -- ANSWER--
Notify appropriate authorities and institute procedures to minimize
impact to cardholders.
What should be done if <Company> proprietary information is
compromised? -- ANSWER--Initiate steps to minimize damage,
including termination of employment and prosecution.
What is the hardening procedure for Incident Type 1? -- ANSWER--
Review employee-vetting techniques and confidential data
dissemination procedures, and update documentation as necessary.
What characterizes Incident Type 2? -- ANSWER--Confidential
information stolen from staff due to negligence, such as misplacing or
losing documents.
What immediate actions should be taken if confidential information is
lost by staff negligence? -- ANSWER--Change UserIDs and
passwords of responsible individuals and any global passwords they
had access to.
What should be identified after a breach due to staff negligence? --
ANSWER--The point and specific type of breach, as well as what
specific material was compromised.
What disciplinary actions may responsible employees face in Incident
Type 2? -- ANSWER--They may be subject to disciplinary policies up
to and including termination of employment.
What is the hardening procedure for Incident Type 2? -- ANSWER--
Review employee-training materials and remind employees of the
sensitive nature of data.
What defines Incident Type 3? -- ANSWER--Loss of confidential
information by accident due to unforeseen and uncontrollable
circumstances.
What is an example of a scenario that could lead to Incident Type 3? --
ANSWER--Data lost in transit due to a traffic accident.
What actions should be taken immediately in the event of accidental
loss of confidential data? -- ANSWER--Change UserIDs and
passwords of affected individuals and any global passwords they had
access to.