[CentOS] What to do when you've been hacked?

Mon Jan 25 18:04:19 UTC 2016
Benjamin Smith <lists at benjamindsmith.com>

No, we haven't been hacked. ;) 
We have a prospective client who is asking us what our policy is in the event 
of unauthorized access. Obviously you fix the system(s) that have been 
compromised, but what steps do you take to mitigate the effects of a breach? 
What is industry best practice? So far, searches haven't produced anything 
that looks consistent, except maybe identity monitoring for financial data. 
(EG: Target breach) 
We host a significant amount of educational data, but no financial information. 
How would we even respond to this question? 
I've also posted this question at 
https://www.reddit.com/r/linuxadmin/comments/42mi1r/what_to_do_when_youve_been_hacked/
Thanks,
Ben