I meant those as a sequence of steps to remedy the current problem. E.g., "(1) Take everything offline" is a limited-duration step to allow restoring from backups and fixing of security flaws before going back online in step "(5) Carefully open minimal external networking".

"Take everything offline" (permanently!) would be a very good security precaution, but totally unworkable in today's world. Employees should remotely access company infrastructure via VPN at a minimum, with customers accessing only what customers need to access in a totally isolated area (cloud instances, or whatever). Customers may need to see their accounts, but you don't implement that by giving them access to your internal billing database. Even if you have roles and security defined (which you should, for employees), you still don't give customers the chance to even touch your internal infrastructure. It is certainly easier and more convenient to do so, but there goes your security if you travel down that path.