In order to track perpetrators of a breach, investigators might also need to coordinate with Internet service providers (ISPs), search engines or social network sites. When such information is crucial to the investigation, it is important to involve law enforcement agencies, as these sources will only release data to law enforcement.
* Publicity: In cases of high-profile breaches, having work performed by outside experts lends some needed credibility during a difficult time, thus helping restore a company's reputation even before any damage has occurred. Obtaining outside assistance communicates to shareholders, customers, and the public alike that an organization is serious about resolving a breach.
During publicized breaches, the public may have a hard time believing what an organization says; however, assurances that issues are being addressed and actions are being taken to avoid future incidents made by an outside company are invaluable. Computer forensics investigators and other specialists, including attorneys, can bring much-needed gravity when such assurances need to be made -- whether to internal or external parties -- and particularly when announcements are to be made publicly.
Attorneys and PR consultants can assist company executives in crafting responses to the press that accurately portray the weight of the situation without creating undue panic that could result in negative damage. [Case study: "Zappos data breach response a good idea or just panic mode?"]
* Skill set: Specific legal, technical or evidentiary situations may require the use of an outside consultant. These outside experts work with these types of situations on a daily basis and are familiar with response techniques. Attorneys, for example, offer critical expertise when an area of regulation is relevant to a breach. Many regulations, including the Federal Information Security Management Act (FISMA), Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH) and Gramm-Leach-Bliley Act (GLBA) require some level of notification following a data breach.