A significant part of incident response involves communication. NIST’s guidance in this regard focuses on the demands of internal and external stakeholder coordination and appropriate information sharing. Getting this part right requires knowing who should be saying what, when, and to whom.
Say What?

Effective incident communication must take into account the unique business needs of different corporate recipients, ranging from IT to HR to Legal. As the late Chicago journalist Sydney Harris once remarked: “The two words ‘information’ and ‘communication’ are often used interchangeably, but they signify quite different things. Information is giving out; communication is getting through.” For incident response, this means (1) establishing criteria for events with business significance; (2) enabling automated response when possible; and (3) limiting internal reporting to individuals who understand its importance, have clear roles and responsibilities, and know how to properly time and coordinate their actions.