Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!

Incident Response: Communication is Key

By David Brown
January 1, 2008
When an incident hits an enterprise’s IT infrastructure, the response team must also address internal and external communication needs in addition to technical issues such as investigation, containment and recovery.


When an incident response team is faced with a potential security breach or data loss, there are myriad concerns to address. Many incident management plans address technical issues such as investigation, containment and recovery. But, it is essential that each phase of the plan also covers communication – a key requirement for effective incident response.

The incident communication strategy must cover compliance-related issues, media communications and internal communications. And, it must strike a balance between openness and protection. Revealing more information than necessary could result in undue escalation or exposure of an exploitable weakness that has not yet been remedied. However, withholding information can cast your organization in a negative light and create the impression that you have something to hide.

Keeping appropriate people informed and reminding them of their responsibilities to maintain the confidentiality of any related information can diffuse rumors or speculation, according to David Brown.

COMMUNICATION-RELATED COMPLIANCE ISSUES

Following California’s SB 1386 in 2002, a majority of states have passed laws requiring disclosure of data security breaches. Understanding the legislation that is relevant to your organization and the impact it has on incident reporting should be a part of the planning process rather than a reactionary exercise during an actual event.

Beyond the chief security officer and the chief information officer, including an organization’s legal department or counsel on the incident response team is strongly recommended to help with these increasingly complex issues. Criteria to consider when interpreting legislation include the scope of individuals affected, the specific data types included and the required method of disclosure.

There are few similarities among the various state laws, other than that they apply to agencies, businesses or individuals doing business in the respective states, and they require some form of notification in the event of a breach. Different states’ definitions of concepts such as “personal data” and “security breach” can vary widely. Notification requirements vary as well. For example, Arkansas SB 1167 requires that consumers be notified of a security breach affecting data in electronic or physical form, while Florida’s HB 481 does not require notification “if after appropriate investigation or consultation with law enforcement, (the) person (responsible has) reasonably determined (that the) breach has not and will not likely result in harm to individuals.”

In addition, disclosure announcements and incident communications themselves must not create a violation of any regulation or privacy requirements -- an astute spy can potentially take bits and pieces of seemingly harmless, unclassified information and deduce a state secret.

HANDLING THE MEDIA

Establishing a rapport with media outlets is as important to incident response as a relationship with law-enforcement agencies. Your organization must be prepared for all levels of attention from local news to national wire services. (See the News & Analysis article in the November issue of Security Magazine. – Editor)

Advanced preparations for press releases, announcements or disclosure statements should be coordinated with the business unit responsible for communications, such as public relations, marketing or corporate communications department. Including a representative of this department on the incident management team is advisable; as a part of the team, they’ll be involved from the beginning of an incident, allowing them to personally witness the entire process and convey more complete information. A dedicated technical liaison should be identified to assist with translation of detailed data into language that is clear and understandable by the intended audience -- remember that a statement might not be reported in its entirety, and sound bites are often taken out of context creating far more damage than the incident itself.

INTERNAL COMMUNICATION

Internal communication flow must also be addressed in the incident management plan. This includes incident response team members, management and the general employee base. Keeping people informed about facts surrounding the incident at the appropriate level and time and reminding them of their responsibilities to maintain the confidentiality of any related information can diffuse rumors or speculation. It will also help to minimize the risk of information being inadvertently released to outside entities, which could endanger an investigation or cause negative publicity.

COMMUNICATION CAN MAKE ALL THE DIFFERENCE

An incident communication strategy that covers compliance related issues, media communications and internal communications will ensure timely delivery of appropriate information to both internal and external stakeholders. A well-prepared and well-executed communications plan can make the difference between accolades from the public, the press, and colleagues, or seeing your organization’s name in negative headlines.

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

David Brown is a managing consultant, security advisory services at Forsythe Solutions Group. Brown has expertise in the areas of security architecture design and review, vulnerability assessment and penetration testing, policy and procedure assessment and development, security technology training and security project management.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

Laptop with coding on ground

Stepping Into the Light: Why CISOs Are Replacing Black-Box Security With Open-Source XDR

Gift cards and credit cards

Why Are Cyberattacks Targeting Retail? Experts Share Their Thoughts

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing