New iPad Pro, Microsoft Surface Pro or $550 Off with SANS OnDemand or vLive - ends July 12!

IDFAQ: What are the steps to handle an incident?

More than 90 experienced incident handlers agreed on the following steps:
  • Remain calm; don't hurry.
  • Notify your organization's management.
  • Provide a game plan (with options if possible).
  • Apply need-to-know.
  • Use out-of-band communications; avoid email and other network-based communications channels.
  • Take good notes, good enough to serve as evidence in a court of law.
  • Contain the problem; pull the network cable.
  • Back up the system(s), and collect evidence.
  • Eradicate the problem and get back in business.
  • Lessons learned, apply what you have learned.