Incidents
Incidents Module
This page contains information to assist our customers with utilizing the Incidents module in RegScale. It describes what it is, why you would use it, the benefits, and provides instructions on getting started.
What is it?
An incident is a negative event which could jeopardize the safety or security of a customer's information, people, or assets. Incident Response is the process of performing triage actions to mitigate the immediate damage of an event, discover its cause, and to recover from the event.
Why would you use it?
Incidents are commonly used within cyber security, physical security, or safety programs to track negative events that require an immediate response. There are many reasons to manage incidents which include:
- Tracking incident response actions (i.e. as part of a Security Operations Center (SOC))
- Categorizing and tracking/trending incidents relative to severity
- Performing mitigation actions and restoring operations
- Tracking incident timelines as part of forensic analysis
- Conducting causal analysis to indentify the root cause of an incident
What are the benefits?
A strong incident response program results in multiple benefits for an organization; to include:
- Reducing Mean Time to Respond to incidents
- Leveraging trend analysis to pro-actively mitigate future events
- Reducing down time from events and track mitigation actions
- Recovering from negative consequences such as cyber attacks, insider threat, safety issues, and other incidents
- Conducting forensic analysis to collect and turnover relevant evidence to the authorities; as applicable
- Performing corrective actions to address the root cause of an incident and to prevent recurrence
How do I use it?
The incident module in RegScale Community Edition (CE) provides a number of key features that are useful in managing a robust program, to include:
- Tracking detection and response related dates for incidents
- Tracking the incident response phases
- Conducting risk assessments related to incidents
- Tracking incident response tasks and collecting evidence
- Conducting causal analysis and building a forensic timeline of important events related to the incident
- Assigning ownership of incident and response actions for accountability
- Real-time tracking and dashboards
- Automation of evidence collection and forensic data via our Application Programming Interfaces (APIs)
- Single pane of glass assignment tracking via our work bench
- Automated workflows for review and approval
- Interactive timeline builder for forensic analysis
- Social collaboration via our News Feed (LinkedIn for Compliance) and real-time commenting system
- Secure evidence management with our file upload and encryption system
- Audit history including every view, update, print, email, etc.
- Calendar view to visualize incidents over time
For our Enterprise Edition (EE) customers, you get all the great features above, plus we add:
- Ability to create custom fields to extend the schema and build out customer specific data entry forms
- Integration with Microsoft Teams and Slack for real-time collaboration
- Ability to host a multi-tenant version to segregate data by site, customer, organization, etc. to run many different incident response programs with complete data isolation from a single installation (i.e. separate tenants for cyber security, physical security, and safety)
- Real-time interactive dashboard with Microsoft PowerBI AddOn
Updated 10 months ago