In the realm of cybersecurity, having quick access to the right contacts during an incident is critical. This guide provides a structured approach to maintaining an updated list of internal and external contacts necessary for incident response and other cybersecurity needs.
Objectives
To ensure quick and efficient communication during cybersecurity incidents.
To maintain an organized and accessible list of contacts relevant to cybersecurity and incident response.
Components of a Contact List
Your contact list should be comprehensive and include both internal and external contacts. Here are the types of contacts to consider:
Internal Contacts:
Cybersecurity Team Members: Names, roles, and contact information of all members of the cybersecurity team.
IT Department Staff: Key IT personnel who may need to be involved in responding to incidents.
Executive Management: Senior leaders who need to be informed about serious incidents.
Legal Department: Contact information for legal advisors or counsel.
Human Resources: HR contacts for any personnel-related issues that arise during an incident.
Communications Team: Contacts responsible for internal and external communications, including public relations.
External Contacts:
Law Enforcement: Relevant local and national law enforcement agencies that deal with cyber crimes.
Regulatory Bodies: Contacts at regulatory bodies to which you might need to report certain types of incidents.
Cybersecurity Assistance Firms: External cybersecurity firms or consultants that provide support for incident response or recovery.
IT Vendors: Contact information for vendors of critical IT equipment or software.
ISP: Your Internet Service Provider’s contact details for reporting security incidents affecting network access.
Guide to Maintaining the Contact List
Collection of Information:
Compile the Initial List: Gather contact information from various departments and external partners.
Verify Details: Ensure that the contact information is correct and up-to-date.
Organization of Information:
Categorize Contacts: Organize contacts by department, role, or response function.
Accessibility: Store the list in an accessible yet secure location, known and available to key personnel.
Regular Updates:
Review Schedule: Establish a regular schedule for reviewing and updating the contact list.
Responsibility Assignment: Assign a team member or department the responsibility for maintaining the list.
Change Management: Have a process in place for promptly updating the list whenever there are staffing changes or new contact information.
Distribution and Accessibility:
Controlled Access: Ensure that the contact list is accessible to authorized personnel when needed, while keeping it secure.
Distribution: If the list is shared widely, consider ways to maintain its confidentiality, such as password protection or restricted access.
Best Practices
Integration with IRP: Ensure the contact list is integrated into your Incident Response Plan and other relevant cybersecurity policies.
Training: Regularly train staff on where to find the contact list and how to use it during incidents.
Test the List: Periodically test the contact information to ensure numbers, emails, and other details are correct and functional.
Maintaining an updated contact list is a simple yet crucial part of your organization’s cybersecurity preparedness. By ensuring you have quick access to the right people at the right time, you can significantly improve your response to any incident and maintain necessary communication channels during crucial moments.