RSA is a division of EMC Corporation that provides security products to businesses and government agencies. RSA's flagship product is SecurID, a combination of two-factor authentication tokens (hardware and software) and the associated server software used in their implementation. This product aims to provide secure remote access, including access to critical infrastructure. In 2009, RSA was estimated to have “approximately 40 million tokens and 250 million mobile software versions deployed across more than 25,000 organizations,” including banks, government, manufacturing, and pharmaceutical companies (Rashid, 2011). In this paper we will review the 2011 RSA breach involving the SecurID product, incident response and recovery, mitigation strategies, and discuss the ramifications of such private sector breaches on overall incident management and response. RSA Incident Response discovered the attack while it was still in progress (Gov InfoSecurity, 2011). Once discovered, RSA's Computer Incident Response Team began monitoring the attackers to determine the extent of the breach, discovering that data related to their SecurID tokens had been exfiltrated (Rivner, 2011). RSA Executive Chairman Art Coviello describes the discovery by saying, “We were disappointed when we realized that they had exfiltrated information related to SecurID, and then we went completely into customer focus mode. [We asked] how are we going to communicate this to customers, how are we going to make sure we mitigate any potential risk, what exactly is the risk” (Espiner, 2011). RSA has begun hardening its IT infrastructure to mitigate any further damage. However, there appears to be no public data on what specific strengthening measures have been undertaken by RSA. RSA publicly announces...... half of document ...... December 12, 2011, from Gartner: http://blogs .gartner.com/avivah-litan/2011/04/01/rsa-securid- attack-details-unveiled-they-should-have-known-better/Rashid, F. (2011, March 18). RSA notifies SecurID customers of data breach. IT security and network security news. Retrieved November 14, 2011, from http://www.eweek.com/c/a/Security/RSA-Warns-SecurID-Customers-of-Data-Breach-395221/Rivner, U. (2011, April 1). Anatomy of an attack. In the RSA. Retrieved November 10, 2011, from http://blogs.rsa.com/rivner/anatomy-of-an-attack/RSA. (2011). Actions required for SecurID installations. Retrieved November 12, 2011, from SEC: http://www.sec.gov/Archives/edgar/data/790070/000119312511070159/dex992.htmSchwartz, N., & Drew, C. (2011, June 7). RSA Security Faces Angry Users After Breach. Retrieved from http://www.nytimes.com/2011/06/08/business/08security.html?_r=1&pagewanted= all