Reporting to third parties
There are many third parties interested in the affairs of an organization, particularly cybersecurity incidents. Such parties include government agencies, regulatory bodies, and organizations within a supply chain. Regulatory bodies are mostly focused on compliance while partner organizations are concerned about the impacts of an incident on normal business processes. Therefore, when reporting to third parties, there could be diverse focus areas depending on the party intended to receive the report. However, at the bare minimum, an incident report to third parties should include the following elements.
Description of the incident
This should be a succinct explanation of the events that occurred before, during, and after the incident. The details could be put in simple terms for a non-technical audience but technical jargon can be used for some entities, like regulatory bodies.
Cause of the incident
It is important to highlight the cause...