A CISO must explain a data breach to the board of directors. Which information should be emphasized to demonstrate proper incident response?

  1. Technical details of the vulnerability exploited
  2. Timeline of detection, containment measures, and customer notification process ✓
  3. Names of employees responsible for the breach
  4. Cost of the breach compared to insurance coverage

Correct answer: Timeline of detection, containment measures, and customer notification process

When presenting to a board of directors, the most valuable information is a clear incident response narrative: when the breach was detected, what containment steps were taken, and how affected customers were notified. Boards need to assess legal exposure, regulatory compliance, and organizational competence, all of which option 2 addresses. Option 1 is incorrect because technical vulnerability details are important for technical staff but are rarely actionable or meaningful to a board audience and can distract from governance accountability. Option 3 is incorrect because naming responsible employees shifts focus to blame rather than systemic improvement and exposes the organization to additional legal risk. Option 4 is incorrect because framing a breach primarily around insurance coverage suggests reactive financial thinking rather than mature security governance.

Topic: incident response, executive communication, breach notification, cysa+
