When a business-critical web server is compromised, the IT security department should FIRST:
A . archive the logs as evidence.
B . attempt to repair any damage in order to keep the server running.
C . notify the legal department and/or regulatory officials as required.
D . advise management of the incident.
Answer: D