Although breaches of information security are not a new phenomenon, the methods used to perpetrate such breaches have changed considerably over the years. Leaking information to non-authorized people has always been an issue but, in the computer age, the speed and effectiveness with which breaches of information security can occur, and the amount of harm potentially caused are disturbing. Typically, also, they favor the perpetrator, not the victim. Modern companies depend on their IT systems, and it is clear that special care needs to be taken to keep systems safe and secure. This guide focuses solely on the aspects of re-establishing that safety and security once, despite all measures taken, a breach has occurred. We put breaches of information security in the context of ISO27001 which, since its inception as former British Standard 7799 in the late eighties, has provided a framework of requirements well suited to the effective implementation of counter-measures and measures designed to protect information in all its forms (whether on paper, in the spoken word, or within the IT sphere). This pocket guide outlines a process and its elements for the treatment of severe breaches, and places them in the context of the associated ISO27001 controls. It provides input for decision making and breach classification, and case studies where the reader can check out how other companies were affected and what they did, or did not do, upon becoming the victim of a breach. This guide is aimed at CSOs, CISOs, IT Security Managers, CIOs and, last but not least, CEOs. It particularly addresses personnel in non-IT roles, in an effort to make this unwieldy subject more comprehensible to those who, in a worst-case scenario, will be on the receiving end of requests for six- or seven-figure excess budgets to cope with severe incidents.