How to Establish and Maintain Contact Information for Reporting Security Incidents - Safeguard 17.2

Here's a step-by-step guide to establishing and maintaining contact information for parties that need to be informed of security incidents, as per the requirements in CIS Control 17 - Incident Response Management, Implementation Group 1 (IG1):

 

Step 1: Identify Key Stakeholders:

  1. Make a list of internal and external parties that need to be informed of security incidents. This could include IT staff, security team, legal department, executive leadership, third-party vendors, law enforcement, government agencies, cyber insurance providers, ISAC partners, and more.

 

Step 2: Gather Contact Information:

  1. Collect accurate and up-to-date contact information for each key stakeholder. This may include names, roles, phone numbers, email addresses, and any special instructions for contacting them.

 

Step 3: Create a Centralized Contact List:

  1. Compile all the gathered contact information into a centralized contact list or database. This could be a spreadsheet or a specialized incident management system.

Step 4: Organize Contacts by Priority and Role:

  1. Categorize the contacts based on their roles and the level of urgency in notifying them. For instance, IT staff might need immediate notification, while external law enforcement could be contacted in specific situations.

 

Step 5: Verify Contact Information Annually:

  1. Schedule an annual review to verify and update the contact information for all parties. This ensures that you're working with the most current and accurate details.

Step 6: Document Special Instructions:

  1. If there are specific procedures or instructions for contacting certain parties (such as a preferred communication method), document these alongside their contact information.

 

Step 7: Communication Chain of Command:

  1. Define a clear chain of command for notifying different stakeholders. Specify who should be contacted first, and establish backup contacts in case the primary ones are unavailable.

 

Step 8: Internal Communication Process:

  1. Develop a process for how internal staff should initiate contact with stakeholders. This could include predefined templates for incident notification emails or phone scripts.

 

Step 9: External Communication Process:

  1. Create guidelines for external communication. Determine what information should be shared with each stakeholder and when. Be mindful of legal and privacy considerations.

Step 10: Incident Response Plan Integration:

  1. Integrate the contact information and communication processes into your overall incident response plan. This ensures that everyone involved in incident response knows how to notify stakeholders.

Step 11: Testing and Drills:

  1. Periodically conduct drills and simulations to test the effectiveness of your incident notification process. Use different scenarios to ensure readiness.

 

Step 12: Continuous Improvement:

  1. Regularly evaluate and update your contact list and communication procedures based on feedback, lessons learned from incidents, and changes in stakeholder roles.

 

Step 13: Record Keeping:

  1. Maintain a record of all communications made with stakeholders during incidents. This documentation can be useful for post-incident analysis and compliance reporting.
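
A small audit of a spreadsheet-style contact list covering Steps 3, 4, 5 and 7, added here as an example and not part of the original guide. The CSV column names, the sample contacts and the 365-day threshold are assumptions chosen for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample register (Step 3). Columns, names and numbers are illustrative.
SAMPLE_REGISTER = """\
party,priority,contact_type,name,phone,email,last_verified,instructions
IT staff,1,primary,A. Rivera,555-0100,arivera@example.org,2024-03-01,Call first
IT staff,1,backup,B. Chen,555-0101,bchen@example.org,2024-03-01,
Legal department,2,primary,C. Okafor,555-0102,cokafor@example.org,2022-11-15,Phone only
Cyber insurance provider,3,primary,Claims desk,,claims@example.net,2024-01-10,Quote policy number
"""

MAX_AGE_DAYS = 365  # Step 5: contact details are verified annually


def load_register(text):
    """Parse the CSV register into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def audit_register(rows, today):
    """Return (party, finding) tuples for entries that need attention."""
    findings = []
    contact_types = {}
    for row in rows:
        contact_types.setdefault(row["party"], set()).add(row["contact_type"])
        age = (today - date.fromisoformat(row["last_verified"])).days
        if age > MAX_AGE_DAYS:
            findings.append((row["party"], f"{row['name']}: last verified {age} days ago"))
        if not row["phone"] and not row["email"]:
            findings.append((row["party"], f"{row['name']}: no phone or email"))
    for party, types in contact_types.items():
        if "backup" not in types:  # Step 7: every party needs a backup contact
            findings.append((party, "no backup contact"))
    return findings


def notification_order(rows):
    """Steps 4 and 7: sort by priority, primary contact before backup."""
    return sorted(rows, key=lambda r: (int(r["priority"]), r["contact_type"] != "primary"))


if __name__ == "__main__":
    register = load_register(SAMPLE_REGISTER)
    for party, finding in audit_register(register, date.today()):
        print(f"[review] {party}: {finding}")
    for row in notification_order(register):
        print(row["priority"], row["party"], row["contact_type"], row["name"])
```

Running the audit as part of the annual review, and again before each drill in Step 11, surfaces stale entries and missing backups before an incident does.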

 

By following these steps, you'll establish a comprehensive process for maintaining contact information and effectively notifying the appropriate parties of security incidents, in alignment with the requirements of CIS18 Controls.
