In the middle of a crisis or a security incident, communications is often underappreciated. There is a lot of work to be done in this regard, such as communicating with employees, customers, regulators and other managers--not to mention the media and analysts.

So it may make sense to take a page from the enterprise security and risk management playbook of Caterpillar, whose efforts were recently featured in CIO magazine. One essential element in the overall plan was to appoint a communications czar, who is tasked with all essential internal and external communications programs when it comes to security and related issues.

Ideally, the job is a lot more proactive than it might sound on paper. It certainly comes down to more than drawing up incident response plans, though that is part of the job. The proactive part comes in the form of educating insiders and outsiders about security and compliance efforts and issues. Newsletters, educational materials, brochures and the like are all part of the equation.

The overall point here is to raise the profile of security and risk management-related threats as well as maintain internal brand awareness for security team. Depending on your needs, you might also have this person serve as spokesman when the press comes calling, which they might in the wake of a breach. We've seen several incidents--the recent Citigroup breach, for example--when the information made available to the media and to customers was criticized as being insufficient. There are many communications needs when it comes to security. It may be too much for a single staffer, but perhaps there needs to be as single person calling the shots.

For more:
- here's the article

Related articles:
Facing blame for breaches, companies get tough on employees   
Should Citi have done more for breached customers?