You are formulating corrective actions following a security breach incident. The security issue has been resolved, but there's a need to address the contributing factors to avoid future occurrences. You want to ensure the action items are executed effectively and in a timely manner. How should you allocate responsibilities for these action items?