Regarding planning, Mason said no matter who is overseeing investigations and who the stakeholders are, "they should be meeting regularly -- one or two times a month -- to discuss issues and how things are being handled and who may need assistance. The dialogue is especially critical these days as threats continue to morph."
He added that every department in an organization, even if it is not directly involved in an investigation, should be, "immediately available to assist. And transparency -- as much as possible -- should be exercised in regards to communicating status to outside teams on the investigation."
And regarding practice, Carlo Guerriero, cybersecurity and privacy expert at PwC, said, "it is paramount that organizations continuously develop and test their incident response plans."
Sign up for Computerworld eNewsletters.