# Data Breach Response (Asset-Focused)

One-sentence definition: Coordinated actions to contain, assess, notify, and remediate when sensitive data is exposed.

## Key Facts

- Identify data types, volume, jurisdictions, and affected parties.
- Contain exfil paths; rotate secrets; revoke tokens/keys.
- Forensics and chain of custody; preserve evidence.
- Notification timelines vary; coordinate with counsel/privacy.
- Remediate: hardening, user resets, DLP rules, awareness.
- **Verify:** check official (ISC)² CBK and current exam outline.

## Exam Relevance

- Pick first steps focusing on data at risk and obligations.

**Mnemonic:** “**Find → Fix → Notify → Fortify**.”

## Mini Scenario

Q: Public bucket with PII found—first three actions?

A: Restrict access, assess scope/data types, engage legal/privacy.

## Revision Checklist

- List 4 scope elements.
- Name two immediate containment actions.
- Tie to notification requirement.

## Related

[[Incident Response Overview (NIST 800-61)]] · [[Evidence and Chain of Custody]] · [[Data Residency and Sovereignty]] · [[Object Storage Security (Buckets, Versioning, Immutability)]] · [[Data Loss Prevention (DLP)]] · [[Domain 2 - Index]]