The U.S. Department of Justice has released a helpful set of “best practices” for planning for and responding to cyberattacks.  The guidance – drafted by  DoJ’s Computer Crime and Intellectual Property Section – offers more concrete and specific guidance for companies than the National Institute of Standards and Technology (NIST)’s Cybersecurity Framework, though its focus is more limited.  Companies would be wise to consult the guidance as they formulate their cyber incident response plans and evaluate their state of readiness.  In Best Practices for Victim Response and Reporting of Cyber Incidents, DoJ offers advice on what steps to take before an attack occurs, how best to respond to an incident, and what to do after an incident.  (The advice will ring a bell for anyone familiar with Steptoe’s Data Breach Toolkit, which may be why we like it.)