The first challenge in incident response is drawing the sandbox of what's in scope, how systems and information were accessed, and what was taken. For the process of inventory and impact, companies will retain outside counsel, who will pull in a DFIR (digital forensics/incident response) partner to drive the investigation and will use specialized firms to inventory the data (intellectual property vs. privacy-impacted data, etc.) to understand which customers and which users were impacted. From there, analysis is done to understand where the parties are based and which privacy laws are implicated by the compromised data.
These investigations can take weeks to months, depending on a wide variety of variables. In "Right of Boom" (the actions and responses taken after the incident happens), the first priority is recovering positive control of the environment and preventing re-compromise or further loss of control. The scope of impact often expands during that analysis. Concurrently, impacted data will be inventoried, and the notification clock starts: the timelines for notifying impacted parties and data supervisory authorities or regulators.