“As a security professional, I have seen a wide variety of best practices for incident response. The methodologies vary greatly based on the sensitivity of the data, requirements to notify law enforcement, etc. Best practices recommendations exist from non-profit security organizations through to regulatory compliance initiatives, but all suffer from the same problem—they are painfully too high level to actually execute."