
CISA Exam - Question 344


Following a breach, what is the BEST source to determine the maximum amount of time before customers must be notified that their personal information may have been compromised?

Correct Answer: CD

The best source to determine the maximum amount of time before customers must be notified that their personal information may have been compromised is industry regulations. Industry regulations are legally binding rules set by governmental or regulatory bodies that dictate specific requirements and standards for various aspects of operations, including data breach notifications. These regulations are designed to provide clear and enforceable guidelines on how organizations should manage and respond to data breaches, including timelines for notifying affected customers.

Discussion

11 comments
starzuu Option: D
Jul 14, 2023

I think D makes more sense. Regulations would matter more when it comes to deciding the maximum.

MunaM Option: D
Sep 9, 2022

Answer should be D.

46080f2 Option: C
May 30, 2024

C is correct: “Following a breach, ...” is the key phrase here. It is about the best source for an urgent operational action and not about which is the best source to create the incident response plan. A Google search with operator 'site:isaca.org' and search term 'incident response plan' gives us an ISACA QAE compliant answer. An incident response plan has to be created according to different ‘incident response models’ depending on the industry. In other words, by the time the operational issue arises, the industry-related regulations have long been integrated into the incident response plan and the only thing left to do is to act accordingly. And the best source for this at the time of "following a breach..." is the incident response plan.

Julianleehk Option: C
Oct 12, 2022

The question is talking about a breach; C could be correct.

Eric0223 Option: D
Jan 26, 2023

Regulation should be top priority over the others; otherwise, what's the point of this notification sooner or later?

testhongbrian Option: D
Apr 3, 2023

D for sure

ItsBananass
May 26, 2023

Following a breach, what is the BEST SOURCE to determine the maximum amount ...

ItsBananass
May 26, 2023

I think the source is the incident response plan. While dealing with an incident, do you want to look up breach notification research, best practices, industry standards that may not be right for your company?

3008 Option: D
Jun 5, 2023

The best source to determine the maximum amount of time before customers must be notified after a data breach is industry regulations.

AliHamza Option: C
Jul 2, 2023

C is correct. When you create an incident response plan, you add this detail.

kGiGa
Nov 22, 2023

Who should know the maximum time? The regulator, the auditor or the person who is responsible for handling the incident?

analuisamoreira Option: C
Jul 1, 2024

This is not a subject of industry regulations.