Answer
1. Assemble his team
2. Find reason for breach
3. Evaluate what was lost
4. Ensure password change
Explanation:
In case of a suspected breach, the Chief information security officer should first of all assemble his incidence response team. This team should have representatives from all areas of the organization.
Then the reason for the breach and how access was gained has to be found out. An evaluation of what has been lost in the breach would be carried out and it's likely impact on the company.
In case credentials were stolen the CISO has to ensure that the employees change passwords. Also he has to notify all the necessary parties about the breach.
The CISO has to ensure that all employees are trained properly on security and they comply to security policies.
