Incident Management
Organizations need a plan and a process to deal with incidents before they occur. Agiliance delivers an Incident Lifecycle Management Solution based on its leading IT governance, risk and compliance platform IT-GRC. Agiliance delivers a flexible process for incident handing that involves stakeholders from across the organization. The management team, asset owners, employees and others may be part of an Incident Response Team that gets involved once an incident is detected and classified.
The challenges
Incidents involving the compromise of business and personal information have been growing in severity and frequency. New types of incidents are emerging. Having a risk-led approach to Incident management can reduce the number of incidents. However not all incidents can be prevented.
Challenges often arise because:
- The Incident Management process is manual – figuring out who to notify and who should respond takes up valuable remediation time
- Organizations cannot track the response process – making it harder for effective post incident analysis
- Organizations with a large number of assets may by overwhelmed with large scale incidents – manual processes just cannot keep up
- Large organization with multiple locations need consolidated analysis – hard to correlate or recognize patterns for incidents occurring across different geographies
The Solution
The Agiliance incident management solution provides a project based approach to reporting, tracking and classifying incidents as they occur while employing a risk-led response based on criticality and business impact. The Agiliance solution delivers an active roles-based dashboard with the ability to drill down into the underlying critical assets that include IT and non-IT assets.
Agiliance Incident Management is a web-based solution that delivers capabilities to analyze the incident-related data and manage the response to each incident:
- Define and report events
- Import events or cases from Security Incident Management Systems (e.g. ArcSight)
- Evaluate Incidents
- Track Incidents
- Incident Management Actions
- Incident Reporting:
- Incident Resolution Orchestration:
- Across multiple Security Operation Centers
- Across multiple end point security solutions
- Workflow to Document False Positives for Auditors
- Incident Review and Resolution History Reporting
The Agiliance leverages its five-step IT-GRC process that includes sophisticated workflow, web-based survey questionnaire automation, and agent-less connectors to security incident management systems as well as remediation management systems to deliver a scalable enterprise class Incident Management Solution.
The Agiliance Incident Management Solution for IT-GRC allows incidents to be tracked through various stages and to be linked to assets as well as to risk and compliance metrics, providing a detailed view of business impact.
Agiliance can include assets from across the enterprise to measure risk and compliance. These assets include critical assets, cyber assets, people, processes and general purpose IT assets. Agiliance implements a rich common control framework that includes many regulations, standards and frameworks like ISO 17799, ISO 27001/27002, NIST SP800, CobiT, Sox, HIPAA, NERC, GLBA, FFIEC, FISMA, PCI DSS and many others.
Features
- Detect, initiate or import events from security automation tools
- Incidents can be managed and assigned to stakeholders as individuals or teams
- Incident response teams are identified in the solution
- Associate incidents to assets and conduct assessments with asset owners
- Post-mortem analysis
- Roles-based dashboards and reports with incident analysis and assessment results
Benefits
- Risk and compliance led response to incidents reduces overall occurrence
- Ability to detect and identify incidents quickly and remediate to reduce business impact
- Actions taken, incident status and lessons learned can be quickly summarized via dashboard and custom reports