Also messages should be tailored for individual recipients. Information about the breach that is told to the board should be tailored to answering the question, "How and how soon can business get back to normal?" he says.
Within a week of cleaning up a breach, the team should reassemble and discuss its actions, what went right, what went wrong and how to be better prepared the next time.
The positives should be highlighted and adopted as sound procedures for future use. Negatives should be noted and fixed. If they were part of the incident response plan, the plan should be updated.
These sessions should also include others who weren't involved directly in the response but who may offer informed perspectives that team members might miss. For example, those managers who supervise team members when they're not responding to an incident can be a good addition, Woolwine says. They have likely heard a version of the experience and may have helpful thoughts. Also including them may make them more receptive to freeing up team members the next time there's an incident.
Sign up for MIS Asia eNewsletters.