When thinking about incident response, communication is critical. Organizations need to think about communication...
in two phases. The first phase takes place during the incident; say as little as possible because it may be unclear who is responsible, and giving away too much could impede a possible investigation. Send out a blanket statement saying there has been a security breach, it's under investigation and the company will have an official statement as quickly as possible. The people that are directly affected need to understand how and what they should be doing, but until the storm blows past, keep a tight lid on information.
In the aftermath of a security incident, it's wise for organizations to do a formal post-mortem. This is the second phase of communication. Employees need to understand what happened, who was responsible and, most importantly, what new processes and/or controls should be implemented to make sure it doesn't happen again. A big part of these lessons learned is to communicate to the staff at large.
Don't point fingers or make an example of anyone, but do use the security incident as an internal case study; it's a great example of how to leverage something current and timely to educate employees. Alternatively, consider using another company's breach as an educational device. Of course, that won't be as timely or effective, but at least it won't be coming on the heels of the company's own breach.
Related Q&A from Mike Rothman, Contributor
In the world of security certifications, what is the GISP and how alike is it to the CISSP? In this security management expert response, learn about ...continue reading
Depending on your enterprise, it may or may not be necessary to utilize a QSA. In this security management expert response, learn how to determine ...continue reading
When developing software securely, what role does gap analysis play? In this security management expert response, learn how to implement gap analysis...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.