(12) Incident Reporting

Question 1

Describe the importance of stakeholder notification when it comes to Incident response

Answer 1

The org needs to identify key stakeholders in order to get information to the right people are he right time.

These people include admins, developers, management, legal counsel, etc.

External stakeholders could include customers, law enforcement, service providers, external counsel, etc.

Question 2

When an incident is detected and analysis has begun, what communication needs to happen?

Answer 2

1. The IoCs that cause the investigation need to be communicated to incident responders
2. The incident responders need to determine if the IoCs point to an incident or false positive
3. If an incident is declared, incident response processes kick in and the containment, eradication, and recovery stages happen.

Communication must happen at all stages of the incident response process.