1. Designated "Single Point of Contact" (“SPC”) 1.1. Incident Response Team 1.2. Incident Response Team Members 1.3. Incident Response Team Roles and Responsibilities 1.4. Incident Response Team Notification 2. Breach of Personal Information - Overview 2.1. Definition of a Security Breach 3. Requirements 3.1. Information Owner Responsibilities 3.2. Location Manager Responsibilities 3.3. When Notification Is Required 4. Incident Response – Breach of Personal Information 4.1. Technology Operation Center 4.2. Office for Central Information Security 4.3. Customer Database Owners 4.4. Web Banking Department 4.5. Credit Payment Systems 4.6. Legal 4.8. Human Resources 4.9. Network Architecture 4.10. Public Relations 4.11. Location Manager

5. Incident Handling Step-by-step 5.1. Documentation Logs 5.2. Determine If It Is Real? 5.3. Scope 5.4. Incident Communications 5.4.1. Explicit Notification 5.4.2. Factual Notification 5.4.3. Choice of Language 5.4.4. Notification of Individuals 5.4.5. Public Relations - Press Releases 5.5. Who Needs to Get Involved? 5.6. Containment 5.7. Evidence Handling 5.8. Chain of Custody 5.8.1. Collection of Evidence 5.8.2. Collection/Storage of Evidence 5.8.3. Storage of Evidence 5.9. Eradication 5.10. Recovery 5.11. Follow-up 5.12. Legal Affairs

*** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

For more information contact Skype; Mark_E_S_Bernard

Twitter; @MESB_TechSecure LinkedIn; http://ca.linkedin.com/in/markesbernard