security breach

Background: Knowing the difference between an event, which is an observable occurrence in a system or network, and an incident can make the difference in terms of response. An event can be malfunctioning hardware, file corruption due to aging disks, etcetera; whereas an incident requires a violation of an organization security policies and posture (She-Jan, 2015).

Address the following:

If you are in charge of information security for a number of nuclear facilities that have just faced a security breach by a terrorist organization and some of the industrial controls systems have been affected. What do you do for incident handling?

Examine all steps in the incident response process and analyze what is entailed within each step.
A well-defined incident response plan should include detailed information about each phase of an attack. The six critical phases of incident response are preparation, identification, containment, removal, recovery, and learning from mistakes.
Include a mention of if/when law enforcement and/or government agencies should be contacted during the breach, along with the appropriate phase. Support statements and reasoning in the explanations with scholarly research.