Response Process

• Contain the breach

  • What is it?

  • What is the scope (1 system or many)

  • Isolate compromised systems

  • Report to ISO, management & CSCIC

• Identify what happened & how

  • Review logs