Thoughts on working together, and supporting organizations


Incident Response Topics


Types of Incidents

Timeline elements for Reporting

Breach Announcement

As with all matters related to a data breach, research should be kept confidential and shared only with senior leadership involved in announcing the breach.

Time periods


Types of data revealed

Accounts, passwords, SSN, address. I think these are probably the data classes that we recently defined in the RFC for data classes.

Degree of certainty

The degree of certainty about any of these figures, particularly the number of people impacted.

Incident Scopes

Priority Kinds

Priority #1 - Emergency/Urgent:

An Incident has caused a complete and immediate work stoppage affecting at least one primary business process or a broad group of End Users. No workaround is available.

Priority #2 - High:

An Incident has affected a business process in such a way that business functions (operations) are severely degraded, multiple End Users are impacted or a key external customer is affected. A workaround may be available, but it is not easily sustainable.

Priority #3 - Medium:

An Incident has affected a business process in such a way that certain business functions are not available to End Users or external customers, or a system or service is degraded. A workaround may be available.

Priority #4 - Low:

An Incident has little or no effect on business processes or operations and can be handled on a scheduled basis (e.g., preventive maintenance). A workaround is available.

The incident will then continue with containment, eradication and post-incident analysis. Bi-yearly tabletops are held to test the program.

SLA: definitions

Data breach, internal

Data breach, partner


Timetable for (minimum) yearly exercises.


Per-incident occurrence


Post mortems





For audits, most of these things will need some kind of screenshot as proof.

Have identified press / journals, and alternatives