Incident Manager ControlCase - Managed Compliance PCI SOX GLBA HIPAA FISMA ISO 27002 Security Regulations Software, Services, Certification

ControlCase Incident Manager

More information

Regulations require the ability to escalate and alert when a compliance breach occurs or when an event is not being processed in a timely manner. For example, the Federal Information Security Management Act (FISMA), requires that each federal agency develop, document and implement agency-wide information security programs which includes the process for reporting and escalating security incidents.

ControlCase Incident Manager delivers the most comprehensive incident management system available. It centralizes the reporting, tracking and resolution of incidents in an easy-to-use, Web-based format. It allows organizations to stay in front of incidents that, if left unattended, could cause serious consequences. ControlCase Incident Manager enables secure reporting, as mandated in FISMA, to US-CERT through PGP encryption.

ControlCase Incident Manager tracks the lifecycle of an event using four phases:

Events: Receive events through email, web based interface or connect to third party system using interfaces.
Incidents: Classify appropriate events as incidents and assign them to investigators.
Response: Provide centralized view for incident handling and evidence chain of custody.
Reporting: Report to third parties such as FBI and CSIRT, internal parties for SLA's and total incident cost.

During each phase of the lifecycle, access controls strictly govern a users' ability to access data. In addition, all entries are logged and the evidence chain of custody ensures that evidence is accounted for through each step of the investigation.

Key Features

Event Reporting

Report events through email to a set of email addresses
Report events through an anonymous web page
Report events in a manner such that they can be tracked to individuals
Report events into the Incident Management system through automatic feeds from a third party system

Incident Management

Assign events to investigators as "Incidents"
Classify incidents as High, Medium or Low severity
Flexibility in assigning appropriate roles to users or groups.
Flexibility in assigning incident manager functionality to one or more roles.
Automatic assignment of tracking numbers to each incident

Response

View data as it was generated during "event" stage
Log response actions along with evidence numbers for physical evidence
Upload soft copy of evidence (such as log files) along with evidence number and hash of the files to maintain chain of custody
Evidence cannot be modified
Request closing of incidents and managerial review prior to closure

ControlCase Incident Manager includes a robust reporting capability Reporting

Report to external agencies such as FedCIRC and CERT/CC through secure channels depending on your internal network
Customize reports for internal use such as incident tracking, SLA reporting and work load management
Customize graphs and charts for internal use such as incident per month and incident breakup by classification
Report on costs of incidents using the I-CAMP model