Crisis Management

What happened?
• secure logging: verification and access
• tracebacks: time sensitive issues, documentation,liaison with ISPs
• audit trails: combine logs to establish timelines
• damage assessment: better safe than sorry!
• inform appropriate authority

  Contingency Plan

• is it relevant?
• does it work?

  Media Management:

• one spokesman: designated in Contingency Plan
• one story

  Backups

• verify: contaminated backups are worse than no backups
• modify: fix any faults that resulted in system compromise
• rollback: back out transactions to 'known clean' state
• test: are we ready to turn it on ...

... if so, we have recovery!