Repair vulnerability: most successful attacks are against known
--review them, adjust
--add new ones for new services & locations
Update detection IDS. detection as last defense P> Restoration of data. ensuring its availability, integrity, confidentiality
Restoration of services. ensuring its availability, integrity, confidentiality
Monitor for additional signs of attack
Restoration of confidence: incident plan says what info is released
when & by whom.
groups that need confidence instilled: management, stockholders, users, partners, public.