



  • Essay / The Impact of RSA Breach on Critical Infrastructure

    RSA is a division of EMC Corporation that provides security products to businesses and government agencies. RSA's flagship product is SecurID, a combination of two-factor authentication tokens (hardware and software) and the associated server software used to deploy them. The product is intended to provide secure remote access, including access to critical infrastructure. In 2009, RSA was estimated to have “approximately 40 million tokens and 250 million versions of mobile software deployed across more than 25,000 organizations,” including banks, governments, manufacturing and pharmaceutical companies (Rashid, 2011). In this article, we will examine the 2011 RSA breach involving the SecurID product, the incident response and recovery, and mitigation strategies, and discuss the ramifications of such private-sector breaches for incident management and response overall.

    Incident Response

    RSA discovered the attack while it was still in progress (Gov InfoSecurity, 2011). Once the attack was discovered, RSA's IT incident response team began monitoring the attackers to determine the extent of the breach and found that data relating to the company's SecurID tokens had been exfiltrated (Rivner, 2011). Art Coviello, executive chairman of RSA, describes the discovery by saying: “We were disappointed when we realized they had exfiltrated information related to SecurID, and then we went totally into customer-focused mode. [We asked] how are we going to communicate this to customers, how are we going to ensure that we mitigate any potential risks, what exactly is the risk” (Espiner, 2011). RSA has begun strengthening its IT infrastructure to mitigate any further damage. However, there does not appear to be any public information on the specific hardening measures taken by RSA. RSA publicly announced...

    ... middle of article ...

    ... November 12, 2011, by Gartner: http://blogs.gartner.com/avivah-litan/2011/04/01/rsa-securid-attack-details-unveiled-they-should-have-known-better/

    Rashid, F. (March 18, 2011). RSA notifies SecurID customers of any data breaches. Computer security and network security news. Accessed November 14, 2011, from http://www.eweek.com/c/a/Security/RSA-Warns-SecurID-Customers-of-Data-Breach-395221/

    Rivner, U. (April 1, 2011). Anatomy of an attack. In RSA. Retrieved November 10, 2011, from http://blogs.rsa.com/rivner/anatomy-of-an-attack/

    RSA. (2011). Actions required for SecurID installations. Retrieved November 12, 2011, from SEC: http://www.sec.gov/Archives/edgar/data/790070/000119312511070159/dex992.htm

    Schwartz, N. and Drew, C. (June 7, 2011). RSA Security Faces Angry Users After Breach. Retrieved from http://www.nytimes.com/2011/06/08/business/08security.html?_r=1&pagewanted=all