CyberFundamentals (Belgium)
RC.CO-2: Reputation is repaired after an incident.

How to fill the requirement

Task name: Internal communication about the organization's risk situation
Theme: Risk management and leadership
Policy: Cyber security management

This task also fulfills these other security requirements:

  • 16: Organization-wide communication about the risk situation (Sec overview)
  • DE.DP-4: Event detection information is communicated. (CyFun)
  • RC.CO-2: Reputation is repaired after an incident. (CyFun)

1. Task description

The organization has an operating model for regular communication to the entire organization about the risk situation in information security and about new significant risks affecting the organization.

This communication can be implemented, for example, as a collaboration between the information security core team and communication professionals.

Task name: Communication plan for information security management system
Theme: Risk management and leadership
Policy: Cyber security management

This task also fulfills these other security requirements:

  • RC.CO-2: Reputation (NIST)
  • 5.1: Leadership and commitment (ISO27k1 Full)
  • 7.4: Communication (ISO27k1 Full)
  • 20.1: Top management commitment (NIS2)
  • CC2.2: Internal communication of information (SOC 2)

1. Task description

The organization shall determine which issues related to the information security management system need to be communicated on a regular basis. The plan must answer, for example, the following points:

  • What issues are communicated? These can be, e.g., new or changed security objectives.
  • How and when to communicate? What channels are used and how often?
  • To whom is it communicated? How often to security executives, how often to the entire organization or partners?
  • Who takes part? Who has the right to send messages, and from whom, for example, should messages be approved?

The task owner takes care of implementing the plan and regularly evaluating its effectiveness.

Task name: Implementing a crisis response strategy
Theme: Risk management and leadership
Policy: Cyber security management

This task also fulfills these other security requirements:

  • RC.CO-2: Reputation is repaired after an incident. (CyFun)

1. Task description

The organization develops and implements a crisis response strategy to protect itself from the negative consequences and reputational damage of a crisis. This strategy should include predefined actions to manage public perception, control the narrative, and mitigate the impact of the crisis on the organization.

Task name: Communication to stakeholders on continuity plans
Theme: Risk management and leadership
Policy: Continuity management

This task also fulfills these other security requirements:

  • VAR-03: Continuity plans (Julkri)
  • 34: Enabling communication between stakeholders (Sec overview)
  • 21.2.c: Business continuity and backups (NIS2)
  • CC2.3: Communication with external parties (SOC 2)
  • CC7.5: Recovery from security incidents (SOC 2)

1. Task description

The organization shall have procedures in place to communicate effectively with stakeholders and other participants during continuity plans and survival procedures.

Communication plans related to continuity plans shall include:

  • Responsible persons, related stakeholders and other necessary contact information
  • Clear criteria for the situation where continuity communication will be implemented
  • A clear description of the staff implementing the continuity communication in each situation and the recipients to whom the communication will be sent
  • References to the templates and tools to be used