Cyber and Data Breach Management
Plan strategies and ways to prevent, detect, respond to, contain, investigate, and recover from cybersecurity incidents and data breaches—while meeting legal/regulatory obligations, coordinating stakeholders, and strengthening controls to reduce future risk.
Proficiency Level
Level 1 (Follow)
- Recognise common cyber and data-breach indicators (phishing, malware alerts, unusual access) and report them immediately via the correct channels.
- Follow security and data-handling rules (password hygiene, MFA, clean desk, secure sharing) and avoid risky behaviours.
- Preserve evidence by not deleting suspicious emails/files and by following “do’s and don’ts” during incidents.
Level 2 (Assist)
- Execute assigned response steps (isolate device, reset credentials, revoke access, notify stakeholders) according to SOP/runbook.
- Support incident documentation (timeline, impacted systems/data types, actions taken) and maintain clear handover notes.
- Assist in basic containment and recovery activities under guidance (patching, access review, user comms, backup restore checks).
Level 3 (Apply)
- Respond to incidents within scope: triage severity, coordinate containment, and drive recovery to agreed service targets.
- Conduct structured investigation (root cause, attack vector, affected data) and ensure evidence handling meets internal requirements.
- Prepare stakeholder communications (management, users, customers) with accurate status, risk, and next steps in plain language.
Level 4 (Ensure)
- Lead major incident/breach response across IT, Security, Legal, HR, Comms, and business units; establish the command structure and decision cadence.
- Manage regulatory and contractual obligations (notification thresholds/timelines, reporting content, customer/vendor coordination) with appropriate advisors.
- Drive enterprise improvements post-incident: control enhancements, security architecture changes, training, and testing of incident response plans.
Level 5 (Strategise)
- Set organisational strategy and governance for incident & breach management (policies, playbooks, metrics, assurance) aligned to risk appetite.
- Anticipate the evolving threat landscape and ensure readiness through threat modelling, red teaming/tabletops, and resilience investment prioritisation.
- Build a strong security culture and operating model (roles, competencies, vendor ecosystem, SOC/IR maturity), continuously improving detection-to-recovery performance.