By Jennifer Lyn Walker
As highlighted in the December 2019 FB-ISAO Newsletter, one of the earmarks of a successful information sharing organization is receiving confidential incident reports from members. Incident reports not only serve as notification an incident has occurred and used to request assistance (if needed), but incident reports provide a better situational awareness and understanding of the threat landscape through the submission of actual events. FB-ISAO released a beta version of our Incident Reporting (IR) capability in December 2019. With feedback from members, an updated version of our IR is now available on the #general channel of the FB-ISAO workspace.
The more awareness we can share with others, the better prepared we will be individually and as a community.Jennifer Lyn Walker, Director of Cybersecurity Services
Why should members file an Incident Report? Why should members file an Incident Report? In the context of information sharing organizations, such as FB-ISAO, incident reports help us provide awareness of threats to others, as appropriate. The more awareness we can share with others, the better prepared we will be individually and as a community. Being aware of actual incidents enhances FB-ISAO’s analytical reports, and enables us to communicate relevant mitigation actions to help other members reduce the risk posed from similar activity, effectively respond to future events, or prevent similar incidents from occurring. Incident reports are also used to identify potential trends of hostile (physical and/or cyber) activity across our community. Furthermore, the importance of reliable and up-to-date incident reports are invaluable during investigations and analysis.
When and what should members report? Incident reports should be submitted to FB-ISAO only after there is no further danger posed to individuals or organizations, but while details (even if incomplete) are still fresh in your mind. The FB-ISAO Incident Report form will guide you through the type of information to include, such as: who you are; type of incident (physical, cyber); when the incident started and/or when it was detected (for cyber incidents these times are often different); a brief description of the incident and steps you have taken in response; if there were any injuries (physical) or compromised information (cyber); and anything else you deem important for us to know.
How does FB-ISAO use information members provide? As a reminder, incident reports are never shared “as-is” without explicit approval from the reporting member. While some information may be shared anonymously to provide awareness and advise the broader faith-based community about increased concerns and observed threats among the membership, we will still ask your permission to share before doing so in any capacity.
How do members report an incident to FB-ISAO? While you can always reach out to us directly, the best way to file an incident report with FB-ISAO is through the FB-ISAO Slack workspace. Navigate to the #general channel in the FB-ISAO Slack workspace, click the lightning bolt in the top right menu bar, answer a few simple questions (mentioned above), then click submit. That’s it! Your incident report will be securely sent to FB-ISAO for further action. You will receive a response from relevant staff depending on the type of incident reported (physical or cyber) within the specified timeframe (business hours/days in Eastern Time). Likewise, at that time, we will discuss how we would like to use or further disseminate the information you provide and get your explicit permission before disseminating anything.
FB-ISAO is continually enhancing capabilities available to our members and welcome ideas on how we can better contribute to the security and resiliency of the faith-based community.