A CISO wants a concise incident update during active containment. Which elements should be included? (Choose three.)
Trap 1: Every raw log line collected so far
Raw logs are unsuitable for executive updates.
- A
Every raw log line collected so far
Why wrong: Raw logs are unsuitable for executive updates.
- B
Containment actions completed and pending
Status shows risk reduction progress.
- C
Known decisions or approvals needed
Escalation points help leadership act.
- D
Current impact and affected services
Leadership needs business impact.