robot_phoneby Julie Fuggett

Clear, concise, well-written e-mails can be the key to getting what you want, but have you ever considered that they can also save you time, headaches, and even keep you out of hot water?

During the incident handling process, we all know that communication is key. Everyone on the incident handling team must know what the expectations are for their behavior. What is needed of them and when? What should they do? What should they not do? This is especially important if you have technical support staff members who are not full-time IT security staff assisting with incidents. Clear, concise messages that set expectations in black and white can be the one thing that stands between much-needed evidence and spoliation brought on by a network admin who thought he or she was doing the right thing.

Are you re-inventing the wheel every time you handle an incident? You may know the process backwards and forwards in your own head, but what if you have to pass the incident off to another staff member or bring in someone from outside the security office for help? Do you have faith in your own ability to explain all the ins and outs of handling an incident to someone who rarely (or never) gets involved? Having to document all the do’s and don’ts of incident handling during the incident could lead to very costly mistakes. Clear, consistent communications are key to getting your point across as well as documenting what has been done and what needs to be done.

Well-designed message templates can save precious time and mistakes when an incident has occurred. These messages should be formatted to be easy to read, concise, and written to suit the technical acumen of their potential audience. They should say what is okay to do to the system in question as well as which actions should absolutely not be performed. If a message regarding notification of a compromise is to be sent to an IT staff member outside the security office, you may wish to give them a list of actions to perform (assess the physical state of the system, fill out an initial survey with the user of what data is present, etc) and remind them not to attempt to clean an infection on a compromised system.

Depending on the structure of IT in your organization, they may also need to lay out consequences for lack of compliance with the instructions in the message. These could be technological (loss of network access) or administrative (report to HR) in nature.

Consistent communication isn’t just for incident handling, however! Use it to your advantage when dealing with customers and clients as well. Find efficiencies in the way you communicate with outsiders that set clear expectations on what you can do for them or share with them. You can also use this as a way to gauge the efficiency of other services. If you find that you are repeating the same set of instructions to your users over and over and over again, perhaps it is a sign that your service is making its users work for it instead of the other way ‘round.

Finally, make sure any message templates you choose to use are vetted. (For the sake of professionalism, you should also have them proofread!) Incident response templates should likely be vetted by management and counsel. Customer communication message templates should be vetted by representatives of your user community and not just by “the guys around the office.”

About the Author Guest Blogger

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Don't know where to start?

Check out Security Catalyst Office Hours to meet your peers and celebrate the good, help each other, and figure out your best next step. We meet each Friday… and it’s free to attend.