"Network Security Management-Unauthorized Access- Word count 300 Your incident response team reports to you (the CISO) in real time an alert that

"Network Security Management-Unauthorized Access- Word count 300Your incident response team reports to you (the CISO) in real time an alert that indicates that a large, encrypted file is being downloaded to an external system by an internal user. They do not know the contents (its encrypted), but you know the user has access to very sensitive information. You have to decide immediately whether to stop the download in process, or continue to monitor and collect further evidence. What are the things you should consider in making this decision, and based on your choice, what would be your follow-up actions? (Obviously the answer has to be taken in the context of a specific enterprise, and with knowledge of the kind of information the user has access to. You may respond either in general, in terms of a specific real world situation, or in terms of a fictitious situation, such as if it happened where you work.)"