Data Breach Drill 2023

A corporate training session focused on data breach management, featuring diverse professionals, charts showing data security protocols, and a digital background representing cybersecurity.

Data Breach Drill 2023

Test your knowledge about handling data breaches with our comprehensive quiz designed for professionals and stakeholders. This quiz will guide you through incident reporting, containment, recovery, and notification procedures.

10 carefully crafted questions
Learn about the responsibilities and actions required in a data breach scenario
Assess your understanding of data protection concepts

10 Questions2 MinutesCreated by GuardingData101

[Step 1 – Incident Reporting]

Timeline and responsibility – What should Mr. Tan do?

Mr. Tan should inform DPO / Cyber incident management team immediately

Mr. Tan should scour the event space immediately

Mr. Tan should inform DPO only after an attempt to find the folder fails

[Step 1 – Incident Reporting]
Reporting channel – How should Mr. Tan report the incident?

Contacting lost and found to assist with report of lost folder

Contacting Quek Chung Cheng (DPO) or emailing cyber.incident-HowSG@howdengroup.com / OR CyberIncidentReporting-HowdenSG1 on TEAMS

Contacting his direct HOD / Supervisor for further escalation if deemed necessary

[Step 2 – Triage and escalation]
How soon should the Cyber Incident Response Team conducts its Identification & Initial Assessment?

Within 1st hour of notification

Within 4 hours of notification

Within 24 hours of notification

[Step 2 – Triage and escalation]
Identification & Initial Assessment – Who should react and how?

DPO / CIMP calls for Data Breach Management team and brief about the incident

DPO / CIMP to gather further information and assess the severity of the incident

CCMC to be involved if more than 500 PII records is involved. Trigger decisions and approvals to be escalated to Group for oversight and assistance

All of the above

[Step 3 – Containment and Recovery within 4 hours]
What is the most appropriate action we can take to contain the breach?

DPO to perform voluntary disclosure to PDPC

PR / Marketing to contact original poster to remove post, and attempt to retrieve documents from the said dumpster to prevent further disclosure

Ignore the post and focus on how we can undermine the severity of the breach

[Step 4 – In depth assessment]
What should we do within 24 hours?

Marketing to inform all affected data subjects of the incident and advise them to be vigilant

DPO to perform voluntary disclosure to PDPC

DPO to assess what PD is collected on the form

[Step 5 – Notification within 72 hours]
Is this a reportable PD breach to the affected individual(s)?

Yes

[Step 5 – Notification within 72 hours]
In the event of a reportable data breach, how soon must we notify PDPC?

Without undue delay

Within 3 calendar days

After we are certain of the incident

[Step 6 – Post incident evaluation within 30 days]
What else must we do?

Educate employees on document management and to avoid collecting excessive PD unless necessary

Penalize Mr. Tan for his mistake

Do nothing and hope that similar incident does not happen again

Data Breach Drill 2023

Data Breach Drill 2023

More Quizzes