Summary
It is the responsibility of an organization to report to different parties after it has experienced a breach. Not only does this provide crucial information about the incident to interested entities, but it also helps protect the organization's brand and reputation.
Firms should focus on reporting to four key entities: the IR team, the SOC team, third parties, and the media. The report to the IR team should give a succinct description of the incident, the identified cause, the mitigation measures taken, and recommendations for future incidents. The SOC team should be given an unfiltered report that extensively describes the incident, gives the preliminary or confirmed causes of the incident, and provides necessary follow-up recommendations. Reports to third parties can vary depending on the entity being addressed. Nonetheless, the report should describe the incident and its cause, the employed mitigation measures, and the short-term and long-term business impacts...