Communicating and Documenting Security Incidents

Security incidents are increasing, as is the need to effectively communicate and document security incidents. Learn to be effective in communicating and documenting security incidents so you can help your incident response and compliance teams.
Course info
Level
Beginner
Updated
Jun 8, 2018
Duration
1h 1m
Description

72 hours is all the time you have to report a security breach under the GDPR laws. However, we document and communicate security incidents every day, whether we realize it or not. Due to the growing emphasis on information security from regulations such as the GDPR, HIPAA and state laws in the US and around the world, the volume of communication and documentation necessary for security incidents is going to keep growing. In this course, Communicating and Documenting Security Incidents, you will learn a number of techniques to make your communication more effective. First, you will learn about various types of documenting, ranging from typical support case tickets, all the way through to official reports you might need to send to data protection regulators. Next, you will discover how to tailor your communication to achieve the best results. Finally, you will explore real-world examples to determine how effective the incident communication was in these cases. When you are finished with this course, you will have learned the skills and knowledge of how to effectively communicate and document security incidents.

About the author

Richard has worked for over 20 years in various technology management roles working in card payments and regulated financial sectors. He spent several years deploying niche payment card solutions in Europe and more recently as CIO, serving the US mortgage sector. Richard specializes in IT Risk and Information Security management.

Section Introduction Transcripts

Course Overview
Hi, I'm Richard Harpur, and welcome to this Pluralsight course, Communicating and Documenting Security Incidents. Seventy-two hours. That is all the time you have to report a data breach under GDPR laws, HIPAA requirements, and all 50 U.S. states have similar obligations. We communicate and document information security incidents every day, whether we realize it or not. In this course, you're going to learn what we mean when we say communicating and documenting security incidents. You will see various types of documentation ranging from typical support case tickets all the way through to official reports you might need to make to data protection regulators and even see the official data breach report from the ICO in the UK. That's the UK's data protection regulator. You will also learn what you need to consider when you're communicating security incidents. You're going to learn the traffic light protocol, which is now universally used in documenting security information. I will share with you some key techniques that will make your communication more effective. Wrapping up this course, we'll pick two very public data breaches and look at how well they were communicated. All of these skills will help you to become more effective in your role, whether you're starting off as a security analyst, leading a SOC team or responsible for the secure operations of an IT system. And best of all, you don't need to have completed any other courses to join me on this one. I'm delighted you're going to join me in this course, so let's get started!

Communicating and Documenting in Incident Response
Thanks for joining me for this module where we're going to look at communicating and documenting within an incident response scenario. If you've been following along from the first module in this course, you will already have covered off the what and the why. In this module, we're going to drill in a little bit deeper and look at incidents and escalation. Two of these go hand-in-hand, where for every incident you may need to involve escalation to respond correctly to that incident. So let's have a quick look at what's coming up in this module. During this module, we're going to look at the incident response lifecycle. Within this section, we're going to set out the various stages within the lifecycle of responding to a security incident. Then we're going to look at the appropriate types of communication. Different types of incidents require different methods and techniques for communication. We're going to look specifically at escalation. When do you need to escalate, how do you escalate, and what are the communication priorities when you are escalating? Finally, we're going to close out this module by looking at something that's called a traffic light protocol. This is a standard that is used when you're documenting information to give the reader an indication as to how appropriate it is to share the information contained within your written communication to help them understand what is appropriate sharing for that documentation. So we're going to look at an example of the traffic light protocol. We'll also use some examples throughout this module, so let's get started.

Communicating Techniques
Thank you for joining for this module, where we're going to look at different techniques you can use in communicating and documenting security incidents. So far the skills you've learned revolve around the what and the why in relation to communication and documentation. We also then looked at incidents and escalation. In this module, we're going to learn about some of the techniques that you can apply in your work to help you become a better communicator of security incidents. We're going to cover what the basic fundamental data elements are in a communication. Think of these as the mandatory pieces of information you need to communicate. Then we're going to look at some techniques that you can apply in communication. After that we're going to look at a real-world data breach report form that is provided by the ICO in the UK. This is the data protection regulator in the UK. And finally, we're going to touch on certain communication that can really help your security strategy, and this is not necessarily related to incidents, but can help communicate the work that you're doing within incident response. A lot to cover, so let's get started.

Capturing Evidence and Real-world Examples
In this module, we're going to look at capturing evidence, which is a key part of documentation, and we're also going to look at real-world communication examples. If you're following along in this course from the very start, you will have covered the what and the why for security incident communication and documentation. We then looked at incidents and escalation, and we learned some techniques that you can apply in your own organization. We're going to wrap up this course by looking at capturing evidence and real-world examples. Congratulations on your progress to date, and let's get started and look at what's coming up in this module. In this module, we're going to discuss evidence in security incidents. Then we're going to talk about communication and use some real-world examples. From there, I'll give you some direction on where you can go after you've completed the course. So let's get started.