Detected cybersecurity events are reported to a specified person or role and documented, at least in an ad hoc manner
Context and Guidance: Establish a collection point for reporting actual or suspected cyber events, such as a help desk. Contact information for that person, role, or group should be made known to all of the function’s stakeholders. The contact should be someone who has knowledge of cybersecurity practices and issues and who can accurately document reported event information and possibly even do basic troubleshooting. Alternatively or additionally, events might be reported via an internal system such as a virtual help desk on an intranet.
Related Practices • Progression: This practice is part of multiple practice progressions. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in the first progression include: RESPONSE-1a, RESPONSE-1b, RESPONSE-1c, RESPONSE-1f. • The practices in the second progression include: RESPONSE-1a, RESPONSE-2f.