Developing an Incident Communications Plan*
You are the CSIRT leader for a major eCommerce website, and you are currently responding to a security incident where you believe attackers used a SQL injection attack to steal transaction records from your backend database. Currently, only the core CSIRT members are responding. Develop a communication plan that describes the nature, timing, and audiences for communications to the internal and external stakeholders that you believe need to be notified.
*Activity 11.3: Chapple, Mike; Seidl, David. CompTIA CySA+ Study Guide Exam CS0-002 (p. 400). Wiley. Kindle Edition.