Report and respond to security incidents Questions

If an organization provides a help desk, a dedicated security email address, and an incident form, how should an employee choose where to report a phi...

Why is it still useful to document false positives after an investigation?

Which event should an employee report even if no damage has been confirmed yet?

What information should be included when reporting a lost company laptop or phone?

A shared folder suddenly fills with encrypted files and ransom notes. What is the best immediate response?

Which is an example of an approved channel an organization might provide for incident reporting?

An employee accidentally emails a customer list to an unauthorized external recipient. When is escalation required?

Which details are most useful when reporting a phishing email?

Why should a user stop sharing data immediately after a suspected breach is discovered?

When sensitive data exposure is suspected, who may need to become involved according to escalation procedures?

A suspicious text message asks a user to sign in through an unfamiliar link. Which details would be most useful in the report?

Which event should be reported right away as a possible security issue?

A user sees possible malware symptoms but assumes it is probably a false positive and worries about overreacting. What is the best response?

Which detail should be included in a security report when relevant?

A user realizes sensitive data was sent to the wrong recipient. What is the right first reaction?