Which is a correct sequence for reporting a security incident?

• A. Wait for someone to notice.
• B. Secure the scene and follow-up after immediate action.
• C. Prepare a formal report after logging details.
• D. Immediate notification to supervisor, log details, collect evidence, prepare a formal report, notify authorities if necessary, secure the scene, follow-up.

Answer: (D)

When responding to a security incident, you want a fast, auditable path that gets the right people involved, preserves evidence, and documents what happened for follow-up and legal needs. Starting with immediate notification to the supervisor ensures the incident response is activated without delay, so the right team can mobilize, make decisions, and coordinate actions.

Logging details right away creates an initial, time-stamped record of what you’re seeing and doing. This helps maintain a clear narrative and supports later investigations. Collecting evidence next must be done with care to preserve its integrity and establish a proper chain of custody, so artifacts aren’t contaminated and can be used in any formal inquiry. After gathering information and evidence, you prepare a formal report that consolidates all findings, actions taken, and outcomes in a professional, auditable document.

Notifying authorities if necessary is a critical step when policy or law requires external involvement or regulatory reporting. Securing the scene follows to prevent further damage or tampering and to protect any remaining evidence, and then you carry out follow-up to review how the incident was handled, address gaps, and implement improvements.

This sequence is comprehensive and practical because it combines rapid escalation, solid record-keeping, careful evidence handling, formal documentation, appropriate escalation to external bodies when needed, scene protection, and post-incident learning—all in a logical flow that supports effective containment and future prevention.