...
Who to include as the security contact?
- An appropriate security contact, such as an individual or generic contact who has agreed to adopt the Sirtfi Framework on behalf of the entity, with existing security responsibility within an organisation.
- Existing incident response structures, including CERTs, may be leveraged where available
- This contact will:
- Use and respect the Traffic Light Protocol (TLP) during all incident response correspondence
- Promptly acknowledge receipt of a security incident report
- As soon as circumstances allow, investigate incident reports regarding resources, services, or identities for which they are responsible
...