CYBERSECURITY RISK AND CRISIS COMMUNICATION FRAMEWORK
The Cybersecurity Risk and Crisis Communication Framework aims to support organizations in their communication in cybersecurity risk and crisis management.
This Framework was built to help organizations communicate during risk management processes and in response to cybersecurity incidents. It supports the creation of communication plans to follow in crisis situations by listing steps, identifying essential professionals and functions in the communication team, and promoting the continuous improvement of the communication plans in place.
Considering these objectives, this Framework should not be treated as a normative or prescriptive document, but rather as a starting point for the creation of strategies, policies, and plans, which must be adapted to each organization’s characteristics and needs.
This Framework is divided into three phases: 1) preparing the communication; 2) responding to the crisis; and 3) points for improvement.
The first phase focuses on preparing and drawing up the communication plan, which includes the necessary steps to be taken in these processes, a mapping of risks, and the selection of the relevant stakeholders. The second phase concerns practical aspects of crisis communication, such as activating the communication team, the steps needed for crisis reporting and notifications to CNCS, among other aspects. The last phase promotes continuous improvement through a retrospective analysis of the situation to improve the future response.
This document was created for all organizations, especially for those with fewer internal skills in cybersecurity crisis communication.
Find the document here.