Work a Security Incident
Work a Security Incident to determine the cause of the violation and resolve it.
To work a Security Incident (one that is already in the In Progress phase):
- Open the Security Incident.
- Complete the Incident Containment field and select a reviewer.
- Use the form arrangement tabs to view information associated with the Security Incident or to add Tasks for addressing the Incident.
  - Overview
  - Journals
  - Runbook
  - Security Events
  - Granted Access
  - Tasks
  - Security Incident Timeline
- (Optional) Create supporting tickets from the Actions list or initiate supporting actions.
  These can be initiated at any stage prior to Resolved. A few are highlighted below.
  - Security Incident Notification: Provides an email template that can be modified to send out notifications to interested parties, such as Legal or HR.
  - Grant Access to Users: Allows you to add users who will then have rights to view and edit this Security Incident.
  - Create a Preventative Action and Create Corrective Action: Opens a Preventative or Corrective Action form.
  - Create an IT Incident and Create Change Request: Opens an Incident or Change form.
- Complete the Eradication and Recovery Actions fields.
- Select an Incident resolution code.
- When appropriate, a Post Review can be completed on the Security Incident. Select the Post Review link (under Stage) and complete the fields on the Post Review form. You can go back to the other information by selecting the Stage: Eradication and Recovery link. Select the Stage: Post Review link to move to the Post Review stage and complete the relevant Post Review fields.
  The Security Incident can be resolved prior to Post Review being completed.
- Select the Next: Resolved link to change the status to Resolved. There is no Closed status.
Security Incident tickets can be resolved if there are open Compliance Records. This can be modified by the customer based on business requirements.