Journal Free Write #6

Freewrite #6 Outside entities
The topic for this week’s journal free write is to speak about outside entities to consider  communicating with after a security incident, and how you should communicate with them. Firstly,  outside entities (the reading calls them outside parties) refers to anyone that belongs to a  different organization than your own. The main outside parties I’ll speak to are law enforcement  officials, media outlets, and outside security/incident response teams.
One of the most important things for a company to do after a security incident is contact  the correct law enforcement agency. Finding the correct agency to report to can be a difficult  task due to intricacies of different jurisdictions between agencies, and because of this, the  National Institute of Standards and Technology recommends that a designated person should be  appointed on the incident response team and that person “…should be familiar with the reporting  procedures for all relevant law enforcement agencies and well prepared to recommend which  agency, if any, should be contacted.” ​(Cichonski, Millar, Grance, & Scarfone, 2012).   Another important point of contact after a security incident can be the media. Important  companies have a responsibility to disclose a security incident, especially when it effects their  customers or those that rely on them for services. A difficulty that might arise when  communicating with the media however is knowing how much information to release to them.  You can’t necessarily tell them all the details of the incident, because to do so could cause  greater harm by revealing the vulnerability exploited, or other sensitive information about the  case.
Finally, and possibly the most obvious, is contacting an outside security agency. Thinking  back to some of our first readings and the response plans that the NIST laid out in their  framework for safety, we need only to think back to the steps about re-evaluating the  effectiveness of the security in place, and strengthening the security in place based on those  evaluations. Sometimes an outside actor can be useful when evaluating a weakness, as  assessing from the inside can leave us too close to see some problems.

References

Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012). ​Computer security incident handling  guide (draft): Recommendations of the National Institute of Standards and Technology ​ (United  States of America, US Department of Commerce). Gaithersburg, MD: U.S. Dept. of Commerce,  National Institute of Standards and Technology. Retrieved February 24, 2019.