Immediate Response
Isolate Affected Systems: Immediately isolate affected systems or areas of the network to prevent further unauthorised access. This helps contain the breach and limit potential damage.
Activate Incident Response Team: Activate your organisation's incident response team, which may include IT experts, legal counsel, and communication specialists. Clear roles and responsibilities should be established.
Preserve Evidence: Preserve evidence related to the breach. This may include logs, system snapshots, and any other data that could assist in investigating the incident.
Notify Management: Inform senior management or the board of directors about the breach. They need to be aware of the situation to make informed decisions regarding the response and communication strategy.
Last updated