The IT auditors wrote us up for the following:

"Develop an intrusion response plan to address steps to respond and research a possible intrusion while minimizing damage and preserving evidence. Plan steps should address management and Board reporting, law enforcement and regulatory notification, and customer disclosure."

Does anyone have such a plan they would be willing to share.

Thanks!

You can find some heplful information here:
http://www.cert.org/security-improvement/modules/m06.html#summary.recommended.practices