Determine Core Ops Team & Define Roles
Vulnerability Manager
Threat Manager
Risk Manager
Review & Maintain Timeline
DETECT - DATA THEFT
Reports of removable and/or mobile devices being used to copy data
Request Packet Capture
Conduct Scans
ANALYZE - DATA THEFT
Products/goods/services are affected by this attack
Public or personnel safety affected by this incident
Customers are affected
Determine Patch Methods
Ability to control/record/measure/track any significant amounts of inventory/products/cash/revenue is lost
There is indication of who performed the data theft
There is internal knowledge of this incident
Log Collection Analysis
CONTAIN - DATA THEFT
ERADICATE - DATA THEFT
Communications
Direct Phone Call
Conference Call
In-Person Meeting
Intranet Meeting
Mobile Messaging
Internet Meeting
RECOVER - DATA THEFT
Identify ways to mitigate further removal of data
Recover Systems
Reimage
IDS/IPS & Firewall Updates
Coordinate AV updates to be pushed upon release from AV Vendor
Incident Remediation
Wipe & Baseline System
Scan host with updated Signature
Scan File Share with updated Signature
Remove Vulnerabilities & Update Routers
POST-INCIDENT - DATA THEFT
Incident Review
Sensitive Government Information Compromised?
Electronic Personal Health Information (ePHI) Compromised?
Response Workflow Updated