🔥 3-day streak
CompTIA CySA+ (CS0-003)35 / 147
Question 35 of 147
During an active ransomware incident, the SOC lead confirms that customer payment data may have been accessed. The incident response team is executing containment, but individual analysts have begun emailing partners and posting status updates in a public Slack channel. The CISO is concerned about inconsistent messaging and potential legal exposure. Which element of incident response preparation should have been established to govern who communicates what, to whom, and when during this incident?
Reviewed for accuracy · Report an issueNext question