Your company's internet-facing systems are under a massive DDoS attack, which is preventing customers connecting to your web site to place orders or obtain services.

You convene an incident response team, consisting of the CEO, CIO, CISO and CFO, all sitting around the boardroom table. Each of you has a laptop which is showing instant messages from the SOC team, emails from other people like the web site administrators, the customer service centre staff and from major customers. Your cellphones are ringing continually with updates from your various departments, and the Polycom conferencing system phone in the middle of the table is ringing every minute or two as well.

What is the best thing you can do next?

Select one:

a. Use an OODA loop to prioritize your responses

b. Switch all your devices off and each separately work on one aspect of the problem

c. Discuss each message among yourselves before responding

d. Have the SOC provide you with a list of the IP addresses originating the attack