Many data were detected being exported from the PPM Technology Inc, network. An internal investigation has shown an ex-employee still had an active employee account and was discovered exporting client data to a third party. The threat actor convinced the company's front desk to let them access a company's internal computer in the guise of recovering personal data from their own account. the client's emails and finances may have been leaked.

 What is your response to all questions:

1- Who within PPM Technology Inc would you need to notify of what happened?
2- How would this be prevented from happening again?
3- What steps should be taken immediately to contain the breach and stop further data loss?

4- How should the company encrypt all data?
5- How should a company update records for all data processing activities after this breach?
6- How should the company review and monitor applicable security controls for securing data?
7- Dos the company needs to appoint a Data Protection Officer to prevent this breach from happening again?

8- How should PPM Technology Inc investigate this incident?
9- What types of evidence should be collected for law enforcement?
10- How should the company information and discuss this incident with their clients?

11- How would this affect availability for your network?
12- What security processes could you have had in place to counteract this situation?
13- Is this incident a one-time event, or a part of a series of incidents?
14- Who is going to be involved in the post-resolution conference/interview?