Due to our extensive work in IT security, Modulo’s customers have often asked us for a “roadmap” or set of processes and templates to guide the development of their incident management capability. Modulo has developed a solution that integrates established best practices for incident management with a body of knowledge and framework for dealing with incident management challenges. The objective of Modulo’s solution is to help organizations restore normal service as quickly as possible, while minimizing any adverse impact on business operations.
Modulo’s incident management solution is based on its leading IT Governance, Risk and Compliance platform IT-GRC. This solution includes a process for incident handing that involves stakeholders from across the organization. The management team, asset owners, employees and others may be part of an Incident response team that gets involved once an incident is detected and classified.
Limitations of Current Practices
In many organizations the incident management process is manual, with no systematic approach for incident prioritization, resolution and remediation. These systems fall short for the following reasons:
- There is no established process for dealing with incidents before they occur
- Manual processes establishing who to notify and who should respond take up valuable remediation time
- There is no established reporting capability to capture knowledge gained from incident resolution
- Organizations with a large number of assets may by overwhelmed by large-scale incidents – manual processes just cannot keep up
- New types of incidents may emerge with no established process for dealing with them
- Organizations cannot track the response process, complicating post-incident analysis
- Large organizations with multiple locations need consolidated analysis: without it incidents occurring across multiple locations are difficult to correlate
How Modulo Risk Manager helps your organization with incident management:
- Able to detect, identify, and resolve incidents quickly to minimize business impact
- Able to detect, initiate or import events from security automation tools
- Incidents can be managed and assigned to individual or team stakeholders
- Incident response teams are identified in the solution
- Workflow capability documents false positives for auditors
- Web-based survey questionnaire automation and agentless connectors to security incident management systems as well as a comprehensive remediation management system
- Consolidates incident data across business units and locations in an access-control repository
- Dashboard for tracking and reporting on costs, related incidents, loss and recovery.
- Assignment of a lead investigator and support staff for each incident using workflow mechanisms to automatically notify personnel when incidents enter their case management queues
- Maintains an incident history and audit trail with the capability to display multiple versions of a record throughout the incident lifecycle. By linking incidents to specific remediation procedures, you can track all remediation efforts and approvals within a single record. You can also document incident closing incident, including post-mortem information.
- Monitors incident status and impact
- Reports cyber and physical incidents, manages escalation, tracks investigations and analyzes resolutions
- Actions taken, incident status and lessons learned can be quickly summarized via dashboard and custom reports
- Roles-based dashboards and reports with incident analysis and assessment results
- Modulo’s solution ensures regulatory compliance by supporting all certification and accreditation processes required by sections 3505 and 3544 of the US Federal Information Security Management Act, as well as the ability to report and manage incidents associated with government facilities and systems. Also provides a turnkey solution for compliance with the Whistleblower requirements of Sarbanes-Oxley sections 301 and 302.
