“Determining the material impact typically involves collaboration between IT, legal, finance, and executive teams,” according to James Eason, CRA practice lead at cybersecurity services firm Integrity360. “Those playing their part must be ready to act and be fully effective in doing so.”
In effect, enterprises need a ready-to-go incident management response team drawn from senior management. “This necessitates clearly laid out and understood processes and procedures for the response,” Eason says.
CISOs should ideally build relationships within that team prior to an incident, Roberts says, “so that if it does need to be activated, the process to evaluate and make a materiality determination follows a set playbook and with a sense of joint ownership among key leaders within the business.”
