Crisis Communication for Incident Response
One part of intrusion response that rarely gets enough attention in DFIR circles is the communications victim companies make to their own customers. This is almost always the only real information the public (and even security community) see about an intrusion and communicating what happened effectively is crucial to minimizing damage, both to customers and to your organization’s reputation. The 5 Keys to Incident Response Communication It’s difficult to investigate many intrusions. It’s often even more difficult to explain them, especially to less technical individuals, but it remains crucial that the communication about what happened be straightforward, ideally limited to a 5th grade reading level. Without this understanding victims will remain confused and critics will remain skeptical. This clarity has to go beyond one message by making sure messaging stays consistent across multiple messages and mediums. ...