Remember that business endures, for better or worse. Realize that the truth of what you saw will never see the light of day - it will be spun into an acceptable story and you will be bound by law to keep the secrets of someone else's failure. The real trick is to survive the process with your sanity intact.
Your first responsibility will be to create a complete and detailed timeline. Your job now is to discover and document how this happened - but not your interpretation of why this happened - as much as you want to invoke all your "I told you so!" instincts, this is not the time. A complete blow-by-blow timeline of how everything happened within your network is the primary information your command chain needs of you.
This information is what is required for legal, PR, and the board members - it should be the primary deliverable that all other workflow is derived around. Most importantly, this is what will most effectively keep management off your back. Expect to receive constant requests for updated status, but don't let updating too often get in the way of work. Do not be afraid to push back and give yourself time to report more accurate findings. Make it clear that you can either deliver inaccurate information now, or accurate information in another hour. Your job is to enable informed executive decisions at this point, so set expectations that this is your goal clearly.
Things are going to get a little crazy, requests become orders and niceties fall to the wayside. In times of crisis, sanity becomes more important than pleasantries. Studies have shown that people would rather work with unfriendly, competent people, than unfriendly, incompetent people. This effect becomes more pronounced during times of crisis; do not worry about offending people by not being nice to them, worry about not adding to the insanity.
Inevitably, you are going to end up making some judgment calls that may be above your station and tasking people that you normally would have no authority over, on the understanding you'll answer for it later on; so long as you make this clear at the time, any reasonable person should support you on this.
As the long hours and sleepless nights count up, remember that there is an end and life will return to normal once more. If public disclosure of your breach is required, know that it is a double-edged sword. You may well experience great catharsis in knowing that the truth is finally out there, but you must come to terms beforehand that the PR spin engine will be operating at full pace and you will be under a mountain of non-disclosure.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.