Module 4: Incident Response Communication Plans
The Importance of a Communications Plan
Clarity, Contacts and Coordination
Incidents are confusing at the start, thus coordinate, communicate, and clarify. Examples of good plans:
Reputation and Trust
Good reputation encourages trust. There are 8 key rules to managing a negative social media posting:
Be aware
Timeliness
Professionalism
Don't be defensive
Respond publicly
Don't be generic
Response plan
Closure
Preparedness and Resiliency
Build and utilize playbooks. Do tabletop exercises to practice.
Credibility and Timing
Don't blame others and don't dilly dally.
Other Considerations
Social Media
Testing the Plan
Flexibility
Examples of Communications Plans
Communication Before a Crisis
The CMU Guide to Effective Communications
CMU Trust Tip: Remember - the way you handle the media in a crisis will ultimately affect the level of trust your constituencies place in you.
The Knight-Nurse Framework
Understand the Traffic Light Protocol
Be a Good Communicator
The seven circumstances of rhetorical thinking, with a cyber spin:
What happened (data breach, denial of service, etc.)?
When did it happen (timestamps, timeline)?
Why did it happen (to obtain data, to hold the company to ransom, etc.)?
Where did it happen (scope of the incident)?
Who did it (attribution)?
With what did it happen (type of malware, botnet used, etc.)?
How did it happen (weaknesses enabling foothold, access, escalation etc.)?
Communication During a Crisis
Sounding the Alarm
Understand mandatory vs. voluntary disclosure, get answers to important questions.
Information Dissemination
Timely, accurate and complete updates. Documentation.
Communication Protocols
Dictated by immediacy and audit trail we wish to retain for the incident.
SEC Communication Considerations
If a cyber incident is assessed to be material it must be reported on Form 8-K within four business days.
Communication After a Crisis
Lessons Learned
Reflect on what did/didn't go well.
Last updated