It’s not yet 8:00 A.M. on a Monday morning. One of the IT staff has just called, saying that the firewall audit logs and server connection logs indicate that there was a possible data breach over the weekend. As you feel the knot in your stomach tightening, you need to decide what to do to respond to this incident. Do you put a statement on your web site? Distribute a press release because of disclosure requirements? Quarantine the affected servers? Rebuild them? Power them down? Tell the IT group to see what they can find out about the source and nature of the breach? Call in outside computer forensic experts? Call the FBI to have them investigate?
Actually, if your organization had previously developed an Incident Response Plan, your first steps would be clear. Without a plan, it is easy to get the response wrong, which can damage your reputation and your business. And once trust in your organization is undermined, it is very hard to win back.