[Update: I am evaluating Google Buzz as a vehicle for crisis communications, such as public announcements and interaction following an information security incident.]
Public communications are an under-appreciated facet of cybersecurity. Over the years, I have increasingly emphasized public communications in my SANS LEG523 course on the law of information security (which includes e-discovery, record retention and internal investigations).
Public communications is much more than just press releases and press conferences. It embraces a wide array of public statements related to IT security -- policies, disclaimers, web notices, contracts, network terms & conditions, blogs, filings submitted to regulators, interactions with law enforcement, breach notices to consumers, declarations made in courts of law, and much, much more.
For instance, observe how central publicity is to the pivotal IT security lawsuit PlainsCapital Bank v. Hillary Machinery.
If anything could summarize my 5-day LEG523 course, it would be this: Words count, and words need to be selected carefully. The words your enterprise utters to the world can have an astonishing impact on legal liability, public reputation, regulatory compliance, the cooperation (or not) of law enforcement and so on. Silence also counts, and silence is often a bad idea.
No other training course in the world will shake up your thinking about information and computer security as much as LEG523.
I'd be happy to answer questions about the course.
Learn more and register.
--Benjamin Wright, Senior Legal Issues Instructor, SANS Institute