Understanding the theory and applying it is one thing, but understanding the theory and applying it to reality is another. 

Two entities is a very simple concept to understand, but let's add another service: the ITIL Change Management Process.

Using this as an example of trying to build the communication channels between the three service organizations, we can start by asking some questions:

• Are there any service level agreements in place between these three entities?
• Are there any organizational level agreements in place between these three entities?

If the answer is yes or no, we would next have to understand the following:

• At what point does an IT incident go through the change management process?
• At what point does an IT security incident go through the change management process?
• Who is responsible for what during this process?
• Who is accountable for what during this process?
• Who is supporting during this process?
• Who is consulted during this process?
• Who is informed during this process?

Now between the managers of the IT incident response, IT security incident response, and change management organizations, the goal would be to:

• Understand the information requirement requests from higher management
• Understand the strategic relevance of communicating 
• Develop and establish a collaborative and integrated process
• Develop and establish SLAs/OLAs 
• Develop and establish metrics and accountability for handling the incidents
• Establish who has the authority to initiate a change request

All of these items are things to consider when trying to create a consolidated metric and communication channel for an end-to-end process.