☛ Create an information risk profile

☛ Create an impact severity and response chart

☛ Based on severity and channel determine incident response

☛ Create an incident workflow diagram

☛ Assign roles and responsibilities to the technical administrator, incident analyst, auditor and forensic investigator

☛ Develop the technical framework

☛ Expand the coverage of DLP controls

☛ Append the DLP controls into the rest of the organization

☛ Monitor the results of risk reduction