Guest
Is it compulsory to record attendance at this training? Would an ISO 27001 auditor require such a record?
One of your questions/answers () is incorrect according to typical security best practices. If the security of a website has been compromised, you should absolutely not long in immediately if they have not told you to. While you might consider changing passwords on any other site where you've used the same one, logging in and updating it on a site that may still have an incident in progress only increases your risk."