A security incident has occurred resulting in a possible data breach – what should be done
What happens next normally includes four, normally overlapping phases:
• Containment and recovery
• Assessment of ongoing risk
• Notification of breach
• Evaluation and response