Control 19.5: Maintain Contact Information for Reporting Security Incidents

Assemble and maintain information on third-party contact information to be used to report a security incident, such as Law Enforcement, relevant government departments, vendors, and Information Sharing and Analysis Center (ISAC) partners.

Category

Procedural

Purpose

Incidents often necessitate the involvement or notification of multiple third-party organizations. Depending on the nature of the incident, it may be necessary to contact law enforcement, other government agencies, vendors and business partners, or Information Sharing and Analysis Center (ISAC) partners. It is best to have the contact information for these organizations consolidated, up-to-date, and easily accessible, as it may be difficult and time-consuming to try to look up all of this information while an incident is taking place. Keep in mind that some cyber incidents may result in limited access to networks and files during incident response, so having this information available in varied locations or formats (including a hardcopy) can also be helpful.

Automation

There is no way to automate this this Sub-Control. Yet this does not mean that an incident response plan and associated response procedures must be made from scratch. It is possible to obtain incident response procedures from other similar organizations that already have them in place. These procedures likely nominate management and technical roles for certain response positions, and these can be can be modified to fit an organization’s needs.

Guidance and Tools

Many organizations offer useful incident response guidance.