Repair vulnerability: most successful attacks are against known
vulnerabilities.
--apply patch
--disable service
--change procedure
--redesign system
Improve safeguards
--review them, adjust
--add new ones for new services & locations
Update detection IDS. detection as last defense
Restoration of data: ensuring its availability, integrity, confidentiality
Restoration of services: ensuring their availability, integrity, confidentiality
Monitor for additional signs of attack
Restoration of confidence: incident plan says what info is released
when & by whom.
groups that need confidence instilled: management, stockholders,
users, partners, public.