A crisis unmasks everyone.
—Mason Cooley, professor, aphorist
Chances are, if it hasn't yet happened, it will. Maybe a breach has occurred and it just hasn't been uncovered; this is as common as it is disturbing. Sometimes a worst-case scenario doesn't look that way at first. It's sort of like looking at a spitting cobra through a window only to discover too late that one of the panes is missing. The experience may be interesting, terrifying, even mesmerizing. And then you feel the sting, followed by immense pain.
This chapter is intended to provide a general outline for responding to a cyber breach. It is not a specific, defined breach response for every situation. Not all companies are the same, and not all breach events are the same. Attacks are launched against different targets by different attackers in various countries. Even the motive varies from one attack to the next, sometimes greatly. Enterprise preparedness is extremely variable, ranging from very good to virtually nonexistent. Preparedness is interpreted differently. Some organizations don't see much risk; others become consumed by it. Some companies strive to be compliant with industry guidelines and meet a variety of government regulations, while others remain unaware of the regulations or intolerant of them. Being prepared means different things to different people. In the absence of specified recommendations, interpretations are derived based on an organization's ...