When a security breach or business interruption occur, the life cycle from the start to the end are the same. First and foremost you must be prepared and have a plan in place. Included in that plan is a being able to know that the event or incident has occurred. Then react to what has happened and get back to normal operations as quickly as possible.
After everything is back to the way it should be there should always be a post event analysis to find out what worked, what did not, and what could be done better.