Who ‘owns’ an investigation into a security breach?
The last things an organization needs when launching an investigation into any kind of security breach are confusion and disorganization.
If it is not clear who is really in charge, or what responsibilities fall to what departments, that is adding trouble to trouble.
But that, according to the Security Executive Council (SEC), an Atlanta-based research and advisory firm, is too often the case.
In a recent paper titled, “Confusion about investigative program ownership/responsibility,” the SEC said after working with “many organizations,” the problems it has found with investigations include: