On April 11, 2024, the National Cybersecurity Center (CNCS) published guidelines to help organizations in responding to cybersecurity incidents.

What are the main recommendations in the guidelines?

The CNCS recommends three phases for organizations to notify a cybersecurity incident:

• phase 1: gather the necessary information and measures, such as the list of contacts, templates for notifying different stakeholders, war rooms, and alternative means of communication;
• phase 2: effectively responding to cybersecurity incidents by activating the communications team, reporting the incident, documenting the incident, communicating the formal closure of the incident, and repairing reputation; and
• phase 3: after concluding the incident, gather feedback, review the incident and evaluate the communications plan, reevaluate and review risks, and communicate the results of the new risk analysis.

How to report a cybersecurity incident?

The guidelines also provide different templates for communicating incidents to different groups, as well as links for notifying the CNCS. The CNCS notes that there are three kinds of notifications: initial notification, end of relevant or substantial impact notification, and final notification.

You can read the press release here, the guidelines here, and a summary here, all only available in Portuguese.