Communications

            When reviewing past incidents, one common theme is addressed
            in the documentation, and that is the challenge of
            communications. Incidents breed rumors and suspicion, and the
            only way to combat the negative impact and uncertainty
            associated with the incident is through effective and timely
            communication.

            The organization should have plans in place to communicate
            with employees, customers, suppliers, and the general public.
            Communications should be handled by authorized personnel that
            has been trained in how to handle the media. In a world of social
            media, the organization must be diligent in communicating
            promptly and honestly through all the common channels of
            communication in use today - website, social media, print, radio,
            and television.


            Evidence

            Evidence is the material data and artifacts that can be used
            during the investigation of an incident. Any evidence that could
            be used in the investigation should be identified and then
            collected according to approved practices and procedures. All
            evidence should be collected so that the evidence is complete.
            Evidence must be gathered legally and in a way that preserves
            the integrity of the evidence (it has not been altered
            inappropriately). The gathering of evidence starts the chain of
            custody of the evidence. The chain of custody is an unbroken
            documented record of all actions to, ownership of, and location
            of the evidence at all times from its initial seizure until it has
            been released (destroyed or returned to its owner).