What are the steps involved in an organization's plan for a data breach?

What will be an ideal response?

---

Data breaches aren't guaranteed to happen, but they are likely to happen. As a result, organizations need to plan for data breaches. They need to rehearse what they will do when a breach happens. Executives, managers, and systems personnel must perform a walkthrough and discuss the specific steps each person will take after a breach occurs. This should be done as part of a broader business continuity planning session that discusses how to return the organization to normal operations as quickly as possible. As part of the planning process, organizations should form a computer security incident response team (CSIRT) consisting of staff from the legal and public relations departments, as well as executives and systems administrators. Coordinated pre-planning for an incident helps organizations avoid missteps like accidentally destroying evidence and issuing poorly worded data breach notices to users. Decisions must be made before the incident, not while it's happening.
Finally, as part of the planning process, organizations need to identify additional technical and law enforcement professionals that may need to be brought in to help handle the data breach. Evidence of the breach must be preserved, and the extent of the damage needs to be accurately measured.