Handling a cyber security breach typically involves a process similar to incident response, but with a focus on containing and mitigating the effects of the breach. The process typically includes the following steps:

1. Identification: Detecting and confirming that a breach has occurred.
2. Containment: Taking immediate steps to stop the breach from spreading and limit the damage caused.
3. Eradication: Removing the cause of the breach, such as by disconnecting compromised systems from the network or by eliminating malware.
4. Recovery: Restoring normal system operations and data access for legitimate users.
5. Investigation: Conduct a thorough investigation of the breach to determine the cause, scope, and impact of the incident and to gather evidence for potential legal or regulatory action.
6. Remediation: Implementing steps to prevent similar breaches in the future, such as patching vulnerabilities or enhancing security controls.
7. Communication: Communicating with stakeholders, including customers, partners, and employees, about the breach, the actions are taken to address it, and the steps that are being taken to prevent similar breaches in the future.

It’s important to have an incident response plan in place and the team should be well-trained and educated in advance before any incident happens. It’s also crucial to have procedures in place for identifying and responding to potential breaches as quickly and effectively as possible, as well as a plan for communicating with stakeholders about the breach and its aftermath.