Module 4: Incident Response Communication Plans

The Importance of a Communications Plan

Clarity, Contacts and Coordination

Incidents are confusing at the start, thus coordinate, communicate, and clarify. Examples of good plans:

Gitlab Communications Plan

Gitlab Communication Plan Contacts

Reputation and Trust

Good reputation encourages trust. There are 8 key rules to managing a negative social media posting:

1. Be aware

2. Timeliness

3. Professionalism

4. Don't be defensive

5. Respond publicly

6. Don't be generic

7. Response plan

8. Closure

Preparedness and Resiliency

Build and utilize playbooks. Do tabletop exercises to practice.

Credibility and Timing

Don't blame others and don't dilly dally.

Other Considerations

• Social Media

• Testing the Plan

• Flexibility

Examples of Communications Plans

Incident Response Communication Plan Template | Template by ClickUp™clickup.com

Incident communication templates and examples | AtlassianAtlassian

Security Incident Communications PlanThe GitLab Handbook

Communication Before a Crisis

The CMU Guide to Effective Communications

CMU Trust Tip: Remember - the way you handle the media in a crisis will ultimately affect the level of trust your constituencies place in you.

The Knight-Nurse Framework

Understand the Traffic Light Protocol

Traffic Light Protocol

Be a Good Communicator

The seven circumstances of rhetorical thinking, with a cyber spin:

• What happened (data breach, denial of service, etc.)?

• When did it happen (timestamps, timeline)?

• Why did it happen (to obtain data, to hold the company to ransom, etc.)?

• Where did it happen (scope of the incident)?

• Who did it (attribution)?

• With what did it happen (type of malware, botnet used, etc.)?

• How did it happen (weaknesses enabling foothold, access, escalation etc.)?

Communication During a Crisis

Sounding the Alarm

Understand mandatory vs. voluntary disclosure, get answers to important questions.

Information Dissemination

Timely, accurate and complete updates. Documentation.

Communication Protocols

Dictated by immediacy and audit trail we wish to retain for the incident.

SEC Communication Considerations

SEC.gov | SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companieswww.sec.gov

If a cyber incident is assessed to be material it must be reported on Form 8-K within four business days.

Communication After a Crisis

Lessons Learned

Reflect on what did/didn't go well.