A response plan built for speed should include a team made up of not only techies, but also at least one person from general counsel and one from the PR group. The PR rep is there to help with the game plan for releasing the information to the public, writing the notification letters, and setting up scripts for the call center (which may be necessary to handle inquiries from concerned customers/clients).
I also recommend that the team meet a couple of times a year to review and update the response plan to address changes in corporate policy, legislation, or regulations that impact what must be done if certain types of data are breached (like personal or health info). The response workflow needs to have all parties plugged in to be successful.
Definitely take a look at Bill's article, and see if your incident response plan includes those items and the PR aspect I mentioned above. If not, then you could be in for a world of hurt when it's your turn to be the victim of a breach.
John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.