Breach notification

Related terms

Chain of custody

The documented chronological record of who collected, handled, transferred, and examined a piece of evidence. For digital evidence, chain of custody includes...

Dwell time

The period between an attacker gaining initial access and their detection. Reducing dwell time is a primary goal of threat hunting. The...

Forensic readiness

The organisational state in which people, processes, and technology are prepared to collect and preserve digital evidence with minimum disruption to business...

Incident response (IR)

The organised methodology for handling and managing the aftermath of a security breach or cyberattack. IR encompasses preparation, detection, containment, eradication, recovery,...

Incident ticket

The structured record opened in an IT service management or case management system when an alert is escalated to an incident. It...

Lessons-learned report

A post-incident review document identifying what succeeded, what failed, the root cause, and specific recommended changes to policy, tooling, or training. Produced...

Post-incident report

The formal written account produced after an incident is closed. It synthesises the timeline log into a structured narrative covering the incident...

Proportionality

The legal principle, central to European human rights law and to many constitutional systems, that any interference with a fundamental right must...

Timeline log

A chronological, append-only record capturing every analyst action and finding during the response, time-stamped at the moment of entry in UTC. It...

Explained in these topics

• Incident Reporting and DocumentationThe legal obligation to inform regulators and affected individuals when personal data is compromised in a security incident. Timelines and thresholds differ by...
• Incident Response Goals and PrinciplesThe legal obligation, imposed by statutes such as the EU GDPR, India's DPDPA 2023, and US state laws, to notify regulators and affected individuals when person...