022: The Good, Bad, and Ugly of Security Incident Reports
On today’s episode, we discuss what separates a good security incident report from ones that are bad or just truly ugly. These reports are the most direct representation of your work to the customer, so it’s important to make sure they are thorough, detailed, and professional.
“A good report is accurate, specific, factual, objective, clear, complete, and concise,” says Chris.
Helping The Customer
Those are our basic criteria, but how do we determine if a report meets those standards? To get a sense of how useful a report is, imagine reading it from the perspective of the customer.
The primary purpose of an incident report is to help someone who wasn’t there get a sense of precisely what happened.
Too often, however, we see reports that are almost incomprehensible to customers who didn’t witness the incident. Maybe there’s too much lingo, key details are left out, statements are inaccurate or biased, or the chronology of events is off. Whatever the case, a confusing report doesn’t help anyone.
Make sure to include all the necessary information, and nothing more. A longer report is not necessarily a better report. Too much information can confuse customers just as much as not enough information, so it’s important to keep the report as short as possible while still answering the five W’s and an H: Who, What, When, Where, Why, and How.
The way we present reports to customers heavily impacts the way they read them. A thorough, concise, and accurate report will still give customers a bad impression if it’s written in crayon. That’s not a joke, either: Chris has actually encountered guards writing incident reports in crayon before.