INCIDENT DISCUSSION QUESTIONS
What is the incident severity level or tier of this incident once multiple spoofed emails are reported? What would prompt a change in tiers? What immediate remediation and protective actions would be taken at your organization?
Who is responsible for those actions? Have these options been documented in plans?
How are they activated?
Would any additional reports or notifications be made? If so, are the primary, secondary, and tertiary points of contact identified?
Made with FlippingBook - Online catalogs