Data Theft

Comprehensive incident response playbook for handling data theft and exfiltration incidents, based on the NIST Computer Security Incident Handling Guide (SP 800-61). Covers detection of unauthorized data access, insider threat assessment, exfiltration channel analysis, containment of data loss, regulatory notification, and post-incident improvements. Addresses scenarios including DLP policy violations, unauthorized cloud uploads, USB transfers, email exfiltration, and compromised credential-based data access.

v1.0.0

This playbook follows the NIST Incident Response Framework with 7 phases and 14 total steps.

Response Phases