The department shall establish and make known methods an entity must use to securely disclose cybersecurity incidents to the department.