1. Start your timeline:
Identify when you first knew there was a breach and a response began; this should
also include the people who were made aware of the breach at this time.
2. Assemble your team:
Even if there isn’t a team that exists formally for this task, you’ll have a fair idea of the
roles that will be involved, from your leadership to IT, HR and corporate
communications, as well as any third-party service providers.
3. Try to plug the leak:
If you’ve been able to identify the source, then move any of those machines offline,
so they’re disconnected but still up and ready to be accessed internally if
necessary.
4. Document everything:
Who discovered the breach, the nature of the breach, who it was reported to, and who
else in the organisation or outside is aware of it. Having information like this to hand
could end up being vital, especially if the incident becomes public knowledge.
5. Begin your investigation:
This will most likely involve your IT teams and service providers and make use of the
forensic tools you’ve invested in.
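The checklist above, as an added example that is not part of the original page: a small Python incident record that keeps the step 1 timeline in chronological order however entries arrive, tracks who has been made aware, measures the gap between first knowledge and the response starting, and checks that the step 4 facts have been filled in. All names, times and event descriptions are constructed for the sample.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Step 4 of the checklist: the facts that must be recorded for every incident.
REQUIRED_FIELDS = ("discovered_by", "nature", "reported_to")


@dataclass
class IncidentRecord:
    discovered_by: str = ""
    nature: str = ""
    reported_to: str = ""
    aware: set = field(default_factory=set)     # everyone, inside or outside, who knows
    events: list = field(default_factory=list)  # (utc time, actor, description)

    def log(self, when: datetime, actor: str, description: str) -> None:
        """Append a timeline entry; whoever acted is by definition aware."""
        self.events.append((when, actor, description))
        self.aware.add(actor)

    def timeline(self) -> list:
        """Step 1: events in chronological order, whatever order they were entered."""
        return sorted(self.events, key=lambda e: e[0])

    def first(self, tag: str):
        """Time of the earliest event whose description carries the given tag."""
        return next((t for t, _, d in self.timeline() if tag in d), None)

    def response_lag_minutes(self):
        """Minutes between first knowledge of the breach and the response starting."""
        known, started = self.first("DISCOVERED"), self.first("RESPONSE")
        if known is None or started is None:
            return None
        return (started - known).total_seconds() / 60

    def missing_fields(self) -> list:
        """Step 4 completeness check: which required facts are still blank."""
        return [f for f in REQUIRED_FIELDS if not getattr(self, f)]


def build_sample_record() -> IncidentRecord:
    """Constructed sample incident: hypothetical people, host name and times."""
    def t(hour, minute):
        return datetime(2024, 3, 1, hour, minute, tzinfo=timezone.utc)
    rec = IncidentRecord(discovered_by="soc-analyst", nature="credential misuse",
                         reported_to="ciso")
    rec.log(t(9, 0), "ciso", "RESPONSE started; IT, HR, comms and MSP engaged")
    rec.log(t(8, 15), "soc-analyst", "DISCOVERED alert on file server fs-01")
    rec.log(t(9, 20), "it-ops", "CONTAINED fs-01 unplugged from LAN, console access kept")
    return rec
```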