2. During the investigation, the licensee, outside vendor, or third-party service provider the licensee has designated to act on behalf of the licensee, shall, at a minimum, determine as much of the following as possible:
- a. Confirm that a cybersecurity event has occurred.
- b. Assess the nature and scope of the cybersecurity event.
- c. Identify all nonpublic information that may have been compromised by the cybersecurity event.
- d. Perform or oversee reasonable measures to restore the security of any compromised information systems in order to prevent further unauthorized acquisition, release, or use of nonpublic information that is in the licensee’s possession, custody, or control.