'Would you tell me, please, which way I ought to go from here?'
'That depends a good deal on where you want to get to,' said the Cat.
'I don't much care where--' said Alice.
'Then it doesn't matter which way you go,' said the Cat.
'--so long as I get somewhere,' Alice added as an explanation.
'Oh, you're sure to do that,' said the Cat, 'if you only walk long enough.'
STEP 1.
Evaluate the use of the Internet
Evaluate the type of connection
Understand the current business use of the Internet
Understand how you use email
Knowing how to respond to a security incident can save your customers and clients time, money and even their reputation.
But incident response planning is one of those best practices that rarely gets done, probably because it's viewed as costly and it's an admission that something could go wrong. The first assumption is incorrect, and the latter is deadly accurate, as evidenced by FleetBoston and other organizations forced to put their plans into action.
Unless a company creates a dedicated team for security (not always necessary), a response plan is cheaper than most CFOs would think.
The first step is pulling together an incident response team. Everyone across the organization needs to know how they should react to a security breach, so there must be a centralized process to report, respond to and track incidents.
A key element of the plan is deciding ahead of time who's in charge of response and which people can pull the plug on the website or network, if required.
Have your perimeter access (Internet IP addresses) tested for KNOWN vulnerabilities to identify your existing level of security and what you may be vulnerable to, then begin testing on a regular basis to ensure continuing security diligence.