business: response, Part 6: Investigation
Incident Response to Data Breach, Part 5: Recovery
by Brent Kirkpatrick
(Date Published: 11/27/2017. Revised: 4/30/2018.)
The first step of recovery is to reduce the risk. Make a list of all the sensitive data on your systems. Take it off-line if possible, or reduce access to it. At the same time, notify all the people whose senstive data was breached.
The second step of recovery is to identify intrusion routes. For each identified route, block it using some technical solution. Once every intrusion route is blocked, systems can be cleaned and permissions to access risky data restored.
During these two steps, close attention is paid to leadership elements. People are notified, people are brought in to manage solutions, and service goals are met. By careful attention to the soft elements of recovery, the company and its clients can recover together.
Clean-Up (TM). Incident response driven by data.
Incident Response, Part 1: Planning