Cyber & IT Supervisory Forum - November 2023

Internal Use Only

Discussion Questions 1. Considering the incident is now public, which external parties should the company inform about the ransomware event at this time? 2. Do you still believe the organization should wait for formal inquiries from the media before responding? Who within the organization should be responsible for making this decision and initiating the response efforts? Should the organization proactively issue a press release, or engage in other forms of public outreach, such as social media postings?

Instructions • Discuss each of the questions at your table • Be prepared to provide a summary to the group • Table Discussion: 6 minutes; Summary Report: 4 minutes

21

Internal Use Only

Inject 4 Lessons Learned Time: 15 minutes Table Discussion: 10 minutes, Summary Report: 5 minutes

22