Which of the following actions is NOT a good practice when dealing with a suspected data breach?

Disclosing a breach immediately to the media is not considered a good practice in incident response. This approach can compromise the integrity of the investigation and can lead to misinformation, panic, or additional reputational damage before all facts are known. Instead, effective incident response emphasizes maintaining an internal focus first—assessing the situation, collecting detailed data about the breach, and communicating carefully with stakeholders as appropriate.

The other practices listed are vital for managing a suspected data breach effectively. Maintaining communication with stakeholders ensures that all parties are informed and can respond appropriately. Documenting findings is essential for understanding the breach and for legal and compliance reasons. Isolating affected systems helps contain the breach and prevents further spread of the incident, thereby protecting other areas of the network. Together, these actions contribute to a structured and controlled response to mitigate the impact of the breach.