

Incident Response to Data Breach, Part 5: Recovery

by Brent Kirkpatrick

(Date Published: . Revised: 4/30/2018.)



Remediate data breach by mitigating risk.



Recovery from a breach is a process of reducing risk and blocking intrusion routes. Companies need to keep response and recovery from being siloed in IT, because the IT people may not know the big-picture risks. The European Union is so concerned about the big risks associated with data breaches that its new GDPR law formalizes the role of a data protection officer who identifies and monitors sensitive data.

The first step of recovery is to reduce the risk. Make a list of all the sensitive data on your systems. Take it off-line if possible, or reduce access to it. At the same time, notify all the people whose sensitive data was breached.

The second step of recovery is to identify intrusion routes. For each identified route, block it using some technical solution. Once every intrusion route is blocked, systems can be cleaned and permissions to access risky data restored.

During these two steps, close attention is paid to leadership elements. People are notified, people are brought in to manage solutions, and service goals are met. By careful attention to the soft elements of recovery, the company and its clients can recover together.

















© 2015, 2016, 2017, 2018 Intrepid Net Computing. All rights reserved.