...
- Temporarily locking a user's account, to limit damage to their personal information and resources
- Locking multiple accounts to prevent damage from spreading to new accounts or devices
- Taking one or more devices physically (or virtually, via software) off the network, to prevent intrusion
- Removing unauthorized software ("malware")
- Reimaging/rebuilding affected machines, resetting them to a "known good" state
- Requesting that a user, or set of similar users, update software, in order to secure a device they are responsible for
- See also PII disclosure response procedure below
...
(PII response plan temporarily deleted while being worked on and edited; must be re-included fromĀ /wiki/spaces/itskb/pages/26219533)
...
Richard Goerwitz
January 2018
...