What are the best practices for communicating with stakeholders during a security incident response?

1 Define the roles and responsibilities

The first step in communicating with stakeholders is to establish a clear and consistent incident response team (IRT) that has the authority and accountability to handle the situation. The IRT should include representatives from different functions, such as security, IT, legal, PR, customer service, and business units, depending on the nature and scope of the incident. The IRT should also assign specific roles and responsibilities to each member, such as incident coordinator, spokesperson, analyst, or liaison, and define the communication channels, protocols, and escalation procedures.

2 Assess the impact and urgency

The next step in communicating with stakeholders is to assess the impact and urgency of the incident, and prioritize the communication accordingly. The Incident Response Team (IRT) should take into account the severity and scope of the incident, the expectations and obligations of the stakeholders, and the availability and accuracy of the information. These factors should be used to classify the incident into different levels of impact and urgency, such as low, medium, or high, and communication should be tailored accordingly. This will help ensure that the stakeholders are informed and reassured, and that the company can gain valuable insights for improving its cloud security posture.

3 Tailor the message and tone

The third step in communicating with stakeholders is to tailor the message and tone to suit the audience, the context, and the objective. When doing so, the IRT should consider the purpose and goal of the communication, the audience and channel of the communication, and the content and tone of the communication. This includes the facts, figures, and evidence of the incident, the actions taken and planned by the IRT, the impact and implications for the stakeholders, and the empathy, transparency, and confidence of the IRT. By taking these factors into account, the IRT can craft a message and tone that is appropriate, relevant, and consistent for each stakeholder group.

4 Deliver the communication and feedback

The final step in communicating with stakeholders is to deliver the communication and feedback in a timely, accurate, and respectful manner. The IRT should take into account the timing and frequency of the communication, such as the initial notification, the updates, and the closure of the incident, as well as the accuracy and completeness of the information. Additionally, the IRT should be respectful and responsive to the stakeholder's concerns, incorporating their feedback and providing support or assistance. Ultimately, the IRT should deliver communication and feedback that is timely, accurate, and respectful for each stakeholder group.