This snapshot, taken on 26/07/2008, shows web content selected for preservation by The National Archives. External links, forms and search boxes may not work in archived websites.
 
 26 July 2008
Department for Innovation, Universities and Skills (DIUS)
 
You are here:
 

Recovery

As with any other type of information security incident, recovery is easier when it is approached in a structured way.

Some questions to be answered immediately are:

  • What's been stolen?
  • Is it ongoing?
  • How long has this been going on?
  • Who knows about it?
  • Should you call the Police?
  • Do you need to preserve evidence?

A good starting point is to check our Incident Response Home Page or go direct to Incident Response  procedure, Incident Reporting  or Forensics  pages.

Other actions depend on the scale and potential impact of the theft. For example, if the theft has affected your business to the extent that it has caused a systems failure, do you need to invoke a Business Continuity Plan

If there are legal concerns, or you suspect insider involvement, ensure that Human Resources become involved, and that you are aware of the implications. Check Legislation and HR Issues  for further information.

© Crown copyright 2008