INCIDENT DISCUSSION QUESTIONS
Do employees know what constitutes suspicious cybersecurity activities or incidents?
Do they know what actions to take when one arises? What established processes exist for employees to report cybersecurity incidents?
Would any additional reports or notifications be made? If so, are designated points of contact identified? What incident severity level or tier is a suspicious email?
Made with FlippingBook - Online catalogs