...
identify potential cyber-attacks or data security violations
keep track of signs/symptoms that should trigger the incident response procedures (e.g. logins at unexpected times or from unexpected locations, external information in case of data breaches, etc.)
answer the following questions:
When did the attack/violation happen?
Who found out about it and how?
Which parts of the system are affected?
Has the cause/vulnerability already been identified?
What are the impacts on the production system?
Data Breach Registration Form: https://docs.google.com/spreadsheets/d/1ebellVqEob6GZPTE982pdXcpk6ZgQLRsunvtWoTii7Q/edit?usp=sharing
3. Containment
contain the attack/violation and prevent additional areas/systems from being affected
maintain production system efficacy at the highest possible level
secure information that may lead to identifying the responsible party and root cause
make security backups of all affected systems for later inspection and analysis, internally and/or externally
inform all affected staff and third parties as applicable and as agreed in the relevant data processing agreements
...