A Cyber Security Incident Communications Plan suitable for small organisations.
Use the link at the bottom of this page to download a template of this document that can be customised for your organisation.
----------------------------------------------------------------------------------------------
1 This Plan
This is the Cyber Security Incident Communications Plan for <Organisation Name>. Use it to communicate effectively during any cyber security incident. Because cyber attacks can make access to electronic files impossible, PRINT this document, making sure the printed version is always the latest version available.
2 Preparations Checklist
Use this checklist to prepare for a cyber security incident and be ready to execute this Plan.
<This is an example list of information – add, delete, modify as needed>
- <Communications App (e.g. Telegram, WhatsApp, Signal)> will be used during an incident
- <Communications App (e.g. Telegram, WhatsApp, Signal)> has been installed on the mobile telephones of <List of People>
- The <App channel or group name; e.g. OurEmergencyChannel> has been created in <Communications App (e.g. Telegram, WhatsApp, Signal)> for use in an incident
- <List of people> have provided the following personal information (see table below):
- Mobile telephone number
- Alternate (non-organisational) email address
- Chat application usernames (e.g. @MyNameIsMartha)
- Normal out-of-hours location (e.g. suburb or address)
- This Plan is printed and replaces any previously printed document.
<This table is an example of what might be useful, including example content – add, delete and modify sections as needed, and then add appropriate content>
Person |
Role |
Location |
|
Chat Name |
Telephone |
Henry Reims |
Vicar |
North Ridge |
henry@home.au |
@Henry |
0499 555 111 |
Sandra Silk |
Office Mgr |
South Point |
sally@isp.org |
@SuperSandy |
0499 111 555 |
Peter Ponto |
MSP Inc |
City |
peter@msp.com |
@MSP_PeterP |
0499 345 789 |
3 Incident Handling
3.1 Incident Response and Recovery
<This is an example list of information – add, delete, modify as needed>
- Immediately remove <System names> from the network, if still connected
- Telephone <Name of Person> to advise a cyber security incident is in progress
- Telephone <External Organisations> who will assist with resolving the incident
- Advise <Regulatory or Mandatory Reporting Authorities>, if required
- Provide updates to <List of People> <every two hours> until fully resolved
- Do not use email on any system or telephone until advised by <Name of Person> that it is OK to do so
3.2 Post- Incident
<This is an example list of information – add, delete, modify as needed>
- Telephone <List of People> to advise the cyber security incident is ended
- Telephone <External Organisations> who assisted for any final advice and to thank them
- Advise <Regulatory or Mandatory Reporting Authorities>, if required
- Provide a report to <Group of People> within <four weeks> after incident is resolved, including lessons learned
3.3 Things to Communicate
Some important things to communicate may include:
- <This is an example list of things – add, delete, modify as needed. See Examples below.>
- Date and time of first awareness of incident, and milestones to resolution
- Known effects of incident – keep these current as they change or are better understood
- Known impact on normal activities – keep this current as it changes or is better understood
- Summary of people actively involved or requested to be involved in working the incident
- Estimated date/time of activities until incident resolution, as they become clear, including:
- Activities to reduce the effects and impact of the incident
- Understanding of the cause of the incident
- Resolution activities in progress
- Essential functions/services/activities preserved or restored
- Incident fully resolved
- Non-essential functions/services/activities restored
- Any actions or decisions required of <List of People>
- <Other relevant matters>
3.4 Reporting the Incident
<Note: As with all sections, only if required>
After the incident is fully resolved, log it on the Australian Government Cyber Reporting website:
https://reportapp.cyber.gov.au/#/business
3.5 Media Communications
Only <Name of Person> will communicate with the media, if required. Refer all enquiries to <Name of Person>. Guard sensitive information extremely carefully, particularly if asked questions.
4 Review – Accurate and Current
This Plan can only be effective if the details in it are kept accurate and up-to-date. This Plan is reviewed every six months to ensure the details it contains remain accurate and current, but it should be revised and updated at any time to keep it accurate and current.
Comments
0 comments
Please sign in to leave a comment.