Include an incident response checklist in your security policy for addressing problems. The checklist should contain the following:

  • All information needed to handle different security incidents.
  • Points of contact for the security managers, their staff, and the Chief of Information.
  • Procedures for contacting personnel.

When an incident occurs, you might want to do the following:

  • Perform an immediate backup.
  • Unplug your router from the network.
  • Disable all accounts.
  • Look for clues to the intrusion in your log files.

On the other hand, if you have a multi-layer security system, it may be best to monitor the intrusion and do nothing overt until the intruder is caught.