A Security Operations Centre (SOC) manager is informed that a database containing highly sensitive corporate strategy information is under attack. Information has been stolen, and the database server was disconnected.
Who must be informed of this incident?
The data owner is responsible for the data and its protection. In the event of a breach involving highly sensitive information, the data owner needs to be informed promptly to take necessary actions such as incident response, impact assessment, and decision-making regarding further notifications and mitigation steps. They can then coordinate with other relevant parties as needed.
Who is being notified about such breach must be defined in the security inc. man process. Stolen DB information implies a security breach meaning inc can be treated as major. Exec team must get notification for all major inc. especially for the security ones
If we do not pick "All executive staff" it will compromise the question integrity.
for me a major incident and a data breach, i would certainly get executive staff onboard
B. The data owner The data owner is responsible for the data and is the primary stakeholder in terms of understanding the sensitivity and importance of the data. Informing the data owner promptly allows them to take appropriate actions, such as initiating an incident response, assessing the impact, and making decisions regarding further notifications and mitigation steps. The data owner can then coordinate with other relevant parties, such as internal audit, executive staff, and government regulators, if necessary.