Trial lock

This Research is for Members Only

Not a member? Unlock a free sample of our research now!

Already a member?

Sign in now

Security icon

Master Your Security Incident Response Communications Program

Learn how to talk to your stakeholders about what’s going on when things go wrong.

Unlock a Free Sample

View Storyboard

Solution Set Storyboard Thumbnail

Contributors

  • Loren Dealy Mahler, President, Dealy Mahler Strategies LLC
  • Glendalynn Dixon, Consultant, Facilitator, Advisor, Technology Industry
  • Edward Gray, Lecturer, Ivey Business School at Western University
  • Keith Marnoch, Director, Media & Community Relations, Western University
  • TJ Minichillo, Global Head Cyber Intelligence & Analytics, Energy Industry
  • Tracy Olmstead Williams, President & CEO, Olmstead Williams Communications

Your Challenge

  • When a significant security incident is discovered, usually very few details are known for certain. Nevertheless, the organization will need to say something to affected stakeholders.
  • Security incidents tend to be ongoing situations that last considerably longer than other types of crises, making communications a process rather than a one-time event.
  • Effective incident response communications require collaboration from: IT, Legal, PR, and HR – groups that often speak “different languages.”

Our Advice

Critical Insight

  • There’s no such thing as successful incident response communications; strive instead for effective communications. There will always be some fallout after a security incident, but it can be effectively mitigated through honesty, transparency, and accountability.
  • Effective external communications begin with effective internal communications. Security Incident Response Team members come from departments that don’t usually work closely with each other. This means they often have different ways of thinking and speaking about issues. Be sure they are familiar with each other before a crisis occurs.
  • You won’t save face by withholding embarrassing details. Lying only makes a bad situation worse, but coming clean and acknowledging shortcomings (and how you’ve fixed them) can go a long way towards restoring stakeholders’ trust.

Impact and Result

  • Effective and efficient management of security incidents involves a formal process of preparation, detection, analysis, containment, eradication, recovery, and post-incident activities: communications must be integrated into each of these phases.
  • Understand that prior planning helps to take the guesswork out of incident response communications. By preparing for several different types of security incidents, the communications team will get used to working with each other, as well as learning what strategies are and are not effective. Remember, the communications team contains diverse members from various departments, and each may have different ideas about what information is important to release.

Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should implement a security incident response communications plan, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

1. Dive into communications planning

This phase addresses the benefits and challenges of incident response communications and offers advice on how to assemble a communications team and develop a threat escalation protocol.

Guided Implementations

This guided implementation is a four call advisory process.

Guided Implementation #1 - Dive into communications planning

Call #1 - Establish the SIRCT.
Call #2 - Explore the elements of effective security incident response communications.

Guided Implementation #2 - Develop your communications plan

Call #1 - Create an internal communications plan.
Call #2 - Develop an external communications strategy.