After a breach, what should Selah do if her organization's private keys were exposed?


When an organization's private keys are exposed, the most immediate and critical response is to revoke the certificates associated with those keys. The security and integrity of communications secured by those certificates can no longer be trusted, and as long as the certificates remain valid they can be used for impersonation or unauthorized access.

Revoking the certificates places them on a certificate revocation list (CRL), informing systems and users that those certificates should no longer be accepted as valid. This step is essential to mitigate further risks and to ensure that any subsequent communications are protected using secure and trustworthy keys.

While reissuing the certificates could be a part of a recovery procedure, it cannot effectively address the risks introduced by the initial exposure until the compromised certificates are revoked. Encrypting the certificates does not resolve the issue of exposure, as the private keys are already compromised. Notifying users about the breach is important for transparency and ongoing security practices but does not immediately mitigate the risk posed by the exposed keys; thus, it cannot take precedence over revocation.
