We do what we can to secure our networks and then cross our fingers and hope it never happens to us. But what if it does? plan. This paper from the SANS Institute InfoSec Reading Room is a couple of years old but the basic principles still apply. You’ll be ahead of the game if you get out of the “prevention only” mindset and think about developing a response plan that can be put into action immediately if and when it happens.
Read it here:
http://www.sans.org/reading-room/whitepapers/analyst/breaches-happen-top-questions-prepare-35220