

Incident Response to Data Breach, Part 4: Strategy

by Brent Kirkpatrick

(Date Published: . Revised: 4/27/2018.)



Use strategic elements wisely.



Strategy consists of small movements whose timing matters in the management of a breach. The strategic elements of a breach include:

  • documentation of breach,
  • announcement of a breach,
  • rebooting computers,
  • re-installing operating systems, and
  • upgrading software.
While each strategic item involves timing, the expense varies.

Documentation of the breach and of the hacker's intrusion vectors is crucial. This documentation allows you to interpret primary evidence, defend your network, and defend yourself in court. Should the hackers ever be identified, this documentation aids the prosecution.

The announcement of a breach is strategic. It carries with it the attendant risk of increased hacking. By the principle of responsible disclosure, you should contain your risk before announcing. This means removing highly sensitive information from hacker-controlled computers and blocking the worst of the intrusion routes.

Rebooting computers is a strategic way to clear exploits out of active memory. A simple security measure is to reboot once or twice a day at irregular times for the duration of the attack.
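One way to produce such an irregular schedule is sketched below. This is an added example, not code from the original article; the three-hour minimum gap, the host names, and the use of at(1) on a Linux host to queue the reboot are assumptions.

```python
import secrets
from datetime import datetime, timedelta

MIN_GAP = timedelta(hours=3)  # assumed spacing so two reboots never cluster


def plan_reboots(day_start, rng=None, min_gap=MIN_GAP):
    """Return one or two reboot times in the 24 hours after day_start."""
    if rng is None:
        # OS entropy by default, so the times cannot be derived from a seed.
        rng = secrets.SystemRandom()
    count = rng.choice((1, 2))
    gap_minutes = int(min_gap.total_seconds() // 60)
    while True:
        offsets = sorted(rng.randrange(24 * 60) for _ in range(count))
        if count == 1 or offsets[1] - offsets[0] >= gap_minutes:
            break
    return [day_start + timedelta(minutes=m) for m in offsets]


def at_commands(times):
    """Render each time as an at(1) job; jobs are spooled to disk, so a
    second job is still queued after the first reboot."""
    return [f"echo 'shutdown -r now' | at {t:%H:%M}" for t in times]


if __name__ == "__main__":
    today = datetime.now().replace(hour=0, minute=0, second=0, microsecond=0)
    # Constructed host names; each host gets its own independent draw.
    for host in ("ws-01", "ws-02", "fileserver"):
        for cmd in at_commands(plan_reboots(today)):
            print(f"{host}: {cmd}")
```

Generate the plan just after midnight each day, since at(1) defers a time that has already passed to the following day.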

Re-installing operating systems is a strategic way to clear exploits off the hard-disk. When done very carefully, this usually yields a computer that is clean until re-infection. This is more expensive than rebooting.

Upgrading software can strategically improve security. However, if your network is compromised, this may lead to further compromise. For example, trojan updates might lead to more cyberattacks.

These strategic elements matter in their timing. They can be employed to keep the hackers off balance. The effective use of these strategic elements is termed clean-up.




© 2015, 2016, 2017, 2018 Intrepid Net Computing. All rights reserved.