Reporting of incidents is performed (for example, internal reporting, ICS-CERT, relevant ISACs), at least in an ad hoc manner
Context and Guidance: Cybersecurity incident response staff must know what incident information should be reported to various internal and external stakeholders, within what timeframe, and whether there are any constraints (such as legal review of the information to be shared). When possible, assign a single person responsibility for reporting an incident throughout its duration to keep messages consistent as the event evolves. Keep contact information for stakeholders up-to-date. Stakeholders may include personnel, such as public relations team members or legal representatives, that are not involved in the direct response to an incident but must be informed to support the sustainment of the organisational operations.
Related Practices • Information Sharing: This practice is part of a group of cross-domain practices that enable information sharing with organisational stakeholders. These include: THREAT-1i, THREAT-2h, THREAT-2k, RISK-1c1d, SITUATION-3a, SITUATION-3c, SITUATION-3d, SITUATION-3e, RESPONSE-2g, RESPONSE-3c, RESPONSE-3f.