Difference between revisions of "User:Shawndouglas/sandbox/sublevel3"

From LIMSWiki
Safely and correctly working with sensitive, protected, or confidential data in the organization is no simple task, requiring extra precautions, attention to regulations, and improved awareness throughout the workflow. In the clinical realm, organizations have PHI to worry about, while forensic labs must be mindful of working with classified data. Most businesses keep some sort of financial transaction data, and even the smallest of businesses may be working with trade secrets. These and other types of data require special attention by those creating a cybersecurity plan. Important considerations include staying informed of changes to local, state, and federal law; being vigilant with any role-based access to sensitive data; developing and enforcing clear policy on documenting and disposing of cyber assets with such data; and developing boundary protection mechanisms for confining sensitive communications to trusted zones.<ref name="LebanidzeGuide11">{{cite web |url=https://www.cooperative.com/programs-services/bts/documents/guide-cybersecurity-mitigation-plan.pdf |format=PDF |title=Guide to Developing a Cyber Security and Risk Mitigation Plan |author=Lebanidze, E. |publisher=National Rural Electric Cooperative Association, Cooperative Research Network |date=2011 |accessdate=23 July 2020}}</ref> Cybersecurity standards and frameworks provide additional guidance in this realm.
As discussed earlier, fostering an environment of transparency with regard to cybersecurity matters is beneficial to the business. By extension, this includes properly disseminating notice of cybersecurity risks, breaches, and associated responses. Steve McGaw, the chief marketing officer for AT&T Business Solutions, had this to say about it in 2017<ref name="McGawBreaching17">{{cite journal |url=https://apps.prsa.org/Intelligence/TheStrategist/Articles/view/11873/1152/Breaching_the_Secret_to_Cybersecurity_Communicatio |title=Breaching the secret to cybersecurity communications |author=McGaw, S. |journal=The Public Relations Strategist |issue=Spring 2017 |year=2017 |accessdate=23 July 2020}}</ref>:
 
<blockquote>When a breach is revealed, the attacked company is portrayed not as a victim, but as negligent and, in a subtle way, complicit in the event that ultimately exposed partners and customers. In short, it’s clearer than ever that cyberattacks can have an existential impact on companies. If customers don’t trust a company, then they simply won’t do business with them. These types of brand implications are indelible, and a communication strategy is invaluable.</blockquote>
 
This is where you decide how to communicate cybersecurity incidents and respond to them. McGaw and others offer the following advice in that regard<ref name="McGawBreaching17" /><ref name="NARUCCyber18">{{cite web |url=https://pubs.naruc.org/pub/8C1D5CDD-A2C8-DA11-6DF8-FCC89B5A3204 |format=PDF |title=Cybersecurity Strategy Development Guide |author=Cadmus Group, LLC |publisher=National Association of Regulatory Utility Commissioners |date=30 October 2018 |accessdate=23 July 2020}}</ref><ref name="LagoHowTo19">{{cite web |url=https://www.cio.com/article/3295578/how-to-implement-a-successful-security-plan.html |title=How to implement a successful cybersecurity plan |author=Lago, C. |work=CIO |publisher=IDG Communications, Inc |date=10 July 2019 |accessdate=23 July 2020}}</ref><ref name="HamburgAlign18">{{cite book |chapter=Chapter 4: Aligning a Cybersecurity Strategy with Communication Management in Organizations |title=Digital Communication Management |author=Hamburg, I.; Grosch, K.R |editor=Peña-Acuña, B. |publisher=IntechOpen |year=2018 |isbn=9781838814908 |doi=10.5772/intechopen.75952}}</ref>:
 
* Organize an incident response team of IT professionals, writers, leaders, and legal advisers and together develop protocols for how revelation of a cybersecurity incident should be handled, from the start.
* Ensure that, upon an identified breach, the issue and its likely impact are clearly understood before communicating them to stakeholders. Communicating a hastily written, vague message creates more problems than solutions.
* Provide messaging on the solution (corrective action), not just the problem. Sometimes the solution is complex and difficult, but it's still beneficial to at least let stakeholders know action is being taken to correct the issue and limit its impact.
* Consider the use of playbooks, report templates, and training drills as part of your communication plan. Practice resolving security incidents with your assembled incident response team, and seek outside help when needed.
* When crafting your message, avoid jargon, use clear and simple language, be transparent (avoid "may" and "might"; be up-front), and keep your business values in context with the message.
* Don't forget to extend transparent messaging to internal stakeholders.


==References==
{{Reflist}}

Revision as of 17:05, 16 February 2022

As discussed earlier, fostering an environment of transparency with regard to cybersecurity matters is beneficial to the business. By extension, this includes properly disseminating notice of cybersecurity risks, breaches, and associated responses. Steve McGaw, the chief marketing officer for AT&T Business Solutions, had this to say about it in 2017[1]:

When a breach is revealed, the attacked company is portrayed not as a victim, but as negligent and, in a subtle way, complicit in the event that ultimately exposed partners and customers. In short, it’s clearer than ever that cyberattacks can have an existential impact on companies. If customers don’t trust a company, then they simply won’t do business with them. These types of brand implications are indelible, and a communication strategy is invaluable.

This is where you decide how to communicate cybersecurity incidents and respond to them. McGaw and others offer the following advice in that regard[1][2][3][4]:

  • Organize an incident response team of IT professionals, writers, leaders, and legal advisers and together develop protocols for how revelation of a cybersecurity incident should be handled, from the start.
  • Ensure that, upon an identified breach, the issue and its likely impact are clearly understood before communicating them to stakeholders. Communicating a hastily written, vague message creates more problems than solutions.
  • Provide messaging on the solution (corrective action), not just the problem. Sometimes the solution is complex and difficult, but it's still beneficial to at least let stakeholders know action is being taken to correct the issue and limit its impact.
  • Consider the use of playbooks, report templates, and training drills as part of your communication plan. Practice resolving security incidents with your assembled incident response team, and seek outside help when needed.
  • When crafting your message, avoid jargon, use clear and simple language, be transparent (avoid "may" and "might"; be up-front), and keep your business values in context with the message.
  • Don't forget to extend transparent messaging to internal stakeholders.

References

  1. McGaw, S. (2017). "Breaching the secret to cybersecurity communications". The Public Relations Strategist (Spring 2017). https://apps.prsa.org/Intelligence/TheStrategist/Articles/view/11873/1152/Breaching_the_Secret_to_Cybersecurity_Communicatio. Retrieved 23 July 2020.
  2. Cadmus Group, LLC (30 October 2018). "Cybersecurity Strategy Development Guide" (PDF). National Association of Regulatory Utility Commissioners. https://pubs.naruc.org/pub/8C1D5CDD-A2C8-DA11-6DF8-FCC89B5A3204. Retrieved 23 July 2020. 
  3. Lago, C. (10 July 2019). "How to implement a successful cybersecurity plan". CIO. IDG Communications, Inc. https://www.cio.com/article/3295578/how-to-implement-a-successful-security-plan.html. Retrieved 23 July 2020. 
  4. Hamburg, I.; Grosch, K.R. (2018). "Chapter 4: Aligning a Cybersecurity Strategy with Communication Management in Organizations". In Peña-Acuña, B. Digital Communication Management. IntechOpen. doi:10.5772/intechopen.75952. ISBN 9781838814908.