PenetrationVulnerabilityTestingPhoto Man tablet digital lock

How to Report a Security Incident to Internal Stakeholders

As it has been discussed throughout this blog series, the need to respond quickly and to communicate on a real-time basis after an organization has been hit by a Cyber-attack is very critical. Just as important is the need to communicate after the Cyber-attack has been specifically identified and it’s the effects of its impact has been resolved.

After all, people will want to know what exactly has happened, the damages and/or losses it has created, and what can and will be done in the future to prevent it and similar attacks from occurring.

In these instances, it is imperative to communicate all of this to parties that are both internal to the business or corporation (such as the employees, executives, board of directors, investors – these are considered to the “internal stakeholders”) as well as external (such as the partners, clients, suppliers, distributors, etc. – these are considered to the “external stakeholders”).

Thus, withholding any kind of information about the Cyber-attack could lead to a serious level of mistrust and misunderstandings.  Therefore, the representatives of the Incident Response Team must be open and forthright as to what exactly transpired.

How this information will be ultimately disseminated to the internal stakeholders is entirely up to the organization – there is no hard and fast rule for this.  For instance, it could take place as a memo, an E-Mail, or it could even be posted on the company intranet.

But in the end, perhaps having an open forum where the internal stakeholders are physically present could be the best venue to take.  Taking this approach will allow for a real time Questions/Answers to take place, and the internal stakeholders will feel that their input and suggestions will be valued and taken seriously.

In order to decide what will be formally communicated to the internal stakeholders, a defined process must be followed, which is as follows:

1)     Triage the Situation:

The three fundamental questions about the Cyber-attack must first be answered.  These are also known as the four “W’s”:

  •             Whom specifically launched the Cyber-attack?
  •             Why did the Cyber-attack (in other words, what was the underlying motive)?
  •             What parts of the organization did the Cyber-attack effect?
  •             Where was the Cyber-attack launched from?

2)  Decide the specific medium in which the internal stakeholders will be notified:

As mentioned, this could take place either in a print, electronic, or direct person approach.  But whatever the decided medium is, it is important that all messages (such as E-Mails and Texts) be        kept within the Incident Response Team until the above questions have been fully answered.

2)     Manage the Timing of the Communication:

In this step, the internal stakeholders need to be told the venue of how they will be informed of the Cyber-attack, and when such communications will occur.

4)     Rehearse the message:

At this stage, it will be important to conduct a dress rehearsal of the actual message that will be communicated amongst the internal stakeholders.  For example, if it is in a print or electronic form, it will be important that all members of the Incident Response Team review it carefully before it is distributed.  Or, if it will be open forum based, then the presentation that will be given needs to be practiced, as well as the Question/Answer session, where it will be important to brainstorm any potential items that could be questioned by the internal stakeholders.


Our next blog will examine how to communicate an Incident Response to the external stakeholders of your organization.

29 thoughts on “Incident Response Plan – Part 6

  1. Cyber attacks happen all the time.. it is important to put all parties that are (such as the employees, executives, board of directors, investors and so on in the know in case of any cuber attack and Los Angeles MSP can be contacted to solve the problem

  2. This is a very timely topic since we are in a digital age so any Computer Company must be prepared for it. Specially if a huge attacks occurs.

  3. Reporting a security incident to Internal Stakeholders is as important as the financial stand of an organization. With Los Angeles Computer Company you are good to go with your I.T world. Thanks for this post.

  4. Los Angeles IT Outsourcing has been giving a nice sensitization messages across to IT company about cyber attacks. Thanks Be Structured Technology for sharing this with us!

  5. It’s really wise to consider creating a really good incident response plan as a safeguard for all internal stakeholders. It takes quite a lot of careful planning and it’s great if a company should hire the best Los Angeles IT Service to do that job without the hassle.

  6. This post serve as a reminder for companies to hasten up things for incident response by using a good IT Consulting
    Firm like Bestructured technology to work with.

  7. Los Angeles Computer Company would best serve as an amazing place to turn to whenever there is an incident causing any partial shutdown. The four W’s question will surely help in solving issues of Cyber attacks. Looking forward to read the next blog. Thanks Be Structured Technology!

  8. IT Outsourcing should be a last resort.Depending on the issue why resort outside if your own inside team can handle it. It should just be a plan B of sorts.

  9. When once there’s an incident the best bet is reporting to a good IT Service and Support like Bestructured and you would be on your way of getting it done.

  10. I really admire all the work that goes into understanding the mindset of a cyber attacker and making sure that the stakeholders are notified immediately of any threat. Be Structured offers premium IT Outsourcing services for all clientele working together or for the same purpose.

  11. A Computer Company that gets cyber attacked needs to move fast to ensure that its stake holders are notified of what happened. This can greatly help dispel mistrust.

  12. The IT Service & Support teams of an organization under attack need to carefully analyse how the attack took place. This way they can be better prepared in future in case of another attack.

  13. In case of severe attacks, engaging in some IT Consulting can be a good way to know how best to respond to an incident. A professional’s input can be valuable.

  14. A Los Angeles Managed Service Provider like Be Structured can prove to be very helpful when dealing with incident response especially for companies that are not IT based. Thanks for the article, there’s quite a lot to learn from it.

  15. Restoration of vital IT Services is the most important thing when under a cyber attack. As pointed out in the write up, it is also very crucial that a good channel of communication is kept with the stakeholders and employees throughout the process.

  16. Those in California should seek help from this IT Services in California for immediate excellent service. When it comes to incident plans using the best hands is the best.

  17. Always informing articles on cyber attack awareness and preparedness. Be Structured will always give you the best IT service & support for your business.

  18. Any problem with cyberattacks can be handled perfectly by a good Computer Company so I believe that all the those questions can be answered professionally too.

  19. One of the most important things for a computer company that has been attacked is to establish exactly how the attack was initiated. This way they can mitigate future attacks.

  20. Restoration of extremely vital IT Services should be the top priority whenever an attack occurs. This way an organization won’t be completely crippled in the case of an attack.

  21. The best way to know what to do in case of an incident is to do IT Consulting. This is especially true for non-IT based companies.

  22. The Los Angeles Computer Company best suited to handle incident responses is undoubtedly Be Structured. Any company looking to outsource should work with them.

  23. A good IT Service & Support structure should always ensure that everyone is fully aware whenever an attack occurs in a company and what they are doing about it. Transparency is key in such situations.

  24. On the event that the damage has been done. IT Service or any emergency plan should kick in. Although, this is gonna be a lot of work. Specially if the issue is major in nature. It is not free sure but then again nothing is.

  25. This Los Angeles Managed Service Provider can be swift with incident response issues, there’s the need to have a backup plan with them to get a swift response when necessary.

  26. I do not know if Los Angeles IT Service or at least this type of service is in my area but in any incident a fast response is a must. We are not praying for issues but it will happen eventually. That is just how things are.

  27. Answering the the W questions properly of, who, why and where can make all the difference to prevent future cyber attack. You can only answer these questions properly if you have the right IT Service support.

  28. The issues of attacks need to be handled by experts or else it will be difficult to really handled it. Companies in California can use IT Services in California to get the best result.

  29. The issues of cyber attacks need to be addressed properly and also handled by experts or else it will be difficult to really handled it. Companies in California can use IT Services in California to get the best result.

Leave a Reply

Your email address will not be published. Required fields are marked *