Mr. Link suggests that the organization, and even the security team, go through the 5 stages of grief identified by Elisabeth Kübler-Ross in her book On Death and Dying:
Denial, Anger, Bargaining, Depression, and Acceptance.
Denial: There was no data breach, was there? It wasn’t that big?
Anger: How the [expletive deleted] did this happen?
Bargaining: How about a second chance? This won’t happen again.
Depression: What are we going to do now? How will this affect our business?
Once a data breach is an accepted fact, the post mortem (to continue with the death metaphor) can begin.
Ricky Link is the Managing Director for Coalfire in the Dallas, Texas office. His article provides valuable insight into dealing with a data breach. He also provides a table of the 17 major data breaches in 2014, which together exposed over 313 million records.
We don’t recommend reflecting the 5 stages of grief in your incident response plan, but it makes sense to recognize the stages during plan development. What actions advance the response beyond these gates?
Let us help you with a cybersecurity incident response plan review so your plan moves incidents rapidly to an optimal resolution.