How does a business prepare effectively for responding to data breaches? What protocols should they have in place?
There could be multiple answers to your question based on how your environment is set up. You have edge defense (firewalls, IDS, IPS like ngfw palos and fidelis), you have endpoint like av or edr (sentinel 1 or symantec or carbon black etc). There are also various other tools out there that are apt or malware finders and ones that look at log sources..then on tracking incidents you have the servicenow /remedy side..
Incident Response Plan or Workflow
Incident Classification and Prioritisation book
The right People Process and Technology
Efficient SOC strategy
As the appropriate policy may vary depending on the country, business size and sector, please contact me directly at firstname.lastname@example.org to provide me with your country, time zone and Skype and/or WhatsApp contact details and I’ll be happy to discuss the subject.