Many data were detected being exported from the PPM Technology Inc, network. An internal investigation has shown
Many data were detected being exported from the PPM Technology Inc, network. An internal investigation has shown an ex-employee still had an active employee account and was discovered exporting client data to a third party. The threat actor convinced the company's front desk to let them access a company's internal computer in the guise of recovering personal data from their own account. the client's emails and finances may have been leaked.
What is your response to all questions:
1- Who within PPM Technology Inc would you need to notify of what happened?
2- How would this be prevented from happening again?
3- What steps should be taken immediately to contain the breach and stop further data loss?
4- How should the company encrypt all data?
5- How should a company update records for all data processing activities after this breach?
6- How should the company review and monitor applicable security controls for securing data?
7- Dos the company needs to appoint a Data Protection Officer to prevent this breach from happening again?
8- How should PPM Technology Inc investigate this incident?
9- What types of evidence should be collected for law enforcement?
10- How should the company information and discuss this incident with their clients?
11- How would this affect availability for your network?
12- What security processes could you have had in place to counteract this situation?
13- Is this incident a one-time event, or a part of a series of incidents?
14- Who is going to be involved in the post-resolution conference/interview?