04. Incident Response Communications (485) Flashcards
Crisis Management and Communications
The crisis management process is used to respond to various business emergencies
They should be incorporated into security incident response plans
486
Crisis Communications
Crisis Communications is a public relations function used to inform internal and external parties of the proceedings of business emergencies
486
Communications
Organisations may utilize legal counsel as a central point of communications during a security incident
Legal Terms - Security Incident
“Security incident” is a legal term. Legal agreements and regulations require disclosure of “security incidents” within so many hours
Organisations may refrain from using the term “security incident” and instead use “security event”
This helps an organisation protect itself from prematurely disclosing an event
487
Incident Record Keeping
Using a normal ticket system to document all records of a security incident may not satisfy requirements, as often multiple personnel can read ticket systems.
The information should be limited to as few people as possible
488
Incident Log
Maintain a master index of a history of past events. Include the following:
- Incident number
- Date
- Name
- Short Desc
- Incident context and severity
- URL pointing to the repository of incident details
489
Incident Metrics
An incident management program can be managed and improved when key metrics are established to measure performance
489
Incident Metrics Reporting
Security incident reporting for the board of directors may contain metrics showing trends of incidents over time and areas where performance has decreased or increased
i.e. whether the number of incidents is increasing or decreasing over time, or whether the effort and cost of incident response are increasing or decreasing over time
489