An incident response team is responding to a breach of multiple systems that contain PII and PHI. Disclosure of the incident to external entities should be based on:
Agree. Here is an example per your link: The incident response section (4.1) of the CompTIA exam objectives is shown as the following:
Communication plan
- Limiting communication to trusted parties
- Disclosing based on regulatory/legislative requirements
- Preventing inadvertent release of information
- Using a secure method of communication
- Reporting requirements
C is the correct answer. B falls under the second bullet above.
Disclosure of a security incident to external entities, especially one that involves sensitive data such as personally identifiable information (PII) and protected health information (PHI), should be based on the guidance of senior management. Senior management will assess the impact and potential fallout of the breach and determine the appropriate parties to notify, such as regulatory bodies and affected individuals. The communication plan and public relations policy should be informed by this guidance. The incident response team should work with senior management to ensure that appropriate notifications are made in a timely manner.
The decision to disclose a data breach to external entities should be based on the organization's communication plan and the senior management team's guidance. The plan should include criteria for determining when an incident is reportable to regulators, customers, partners, or the public, as well as the appropriate channels for communicating the breach to these entities. The decision to disclose should be based on the severity of the breach, the sensitivity of the data that was compromised, and other relevant factors that may impact the organization's reputation or legal obligations. The incident response team should follow the communication plan and seek guidance from senior management in making decisions about when and how to disclose the breach.
C. the communication plan.
Disclosure of an incident that involves sensitive data, such as PII (personally identifiable information) and PHI (personal health information), should be based on the organization's communication plan. This plan outlines the steps that should be taken when communicating about incidents, including the timing, method, and audience for the communication. The plan ensures that the incident is communicated in a consistent, controlled manner that protects the interests of the organization and its stakeholders, such as customers and employees. The senior management team may provide guidance on the communication plan, but the actual decision on disclosure should be based on the plan itself.
db97 (2 years, 2 months ago)
2Fish (2 years, 1 month ago)
Cock (2 years, 2 months ago)
encxorblood (2 years, 2 months ago)
gnnggnnggnng (2 years, 3 months ago)