Problem
Examine the following data breach scenario at your organization:
Your organization has - I am sorry to say - had a data breach. You know this because your CFO received a visit from the police indicating the breach occurred. You are a new employee in the Compliance Department of your organization, and you discover that your cybersecurity standards reference "instituting and executing the incident response plan." However, when you ask, you are told that there isn't a written incident response plan.
Make recommendations for how you would go about developing a plan while in the middle of an actual breach. To be clear, you are not required to write an incident response plan. Rather, explain how you would go about building a plan while simultaneously pursuing a breach response. Be sure to address both of the following questions:
i. How do you know if what you're doing is reasonable? Are you doing everything you need to?
ii. How do you use the lessons learned in the current incident to make a better plan for the next breach?