A security analyst discovers that a user's account has been used to access sensitive data outside of normal business hours from an unfamiliar IP address. The user claims they were not logged in at that time. Which security operations process should be initiated first?
Select one:
ISC2 often tests the misconception that immediate account disabling or password reset is the correct...