Work a Security Incident to determine the cause of the violation and resolve it.
To work a Security Incident (one that is already in the In Progress phase):
- Open the Security Incident.
- Complete the Incident Containment field and select a reviewer.
- Use the form arrangement tabs to view information associated with the Security Incident or to add Tasks for addressing the Incident.
  - Overview
  - Journals
  - Runbook
  - Security Events
  - Granted Access
  - Tasks
  - Security Incident Timeline
- (Optional) Create supporting tickets from the Actions list or initiate supporting actions. These can be initiated at any stage prior to Resolved. A few are highlighted below.
  - Security Incident Notification: Provides an email template that can be modified to send notifications to interested parties, such as Legal or HR.
  - Grant Access to Users: Allows you to add users who will then have rights to view and edit this Security Incident.
  - Create a Preventative Action and Create Corrective Action: Opens a Preventative or Corrective Action form.
  - Create an IT Incident and Create Change Request: Opens an Incident or Change form.
- Complete the Eradication and Recovery Actions fields.
- Select an Incident resolution code.
- When appropriate, a Post Review can be completed on the Security Incident. Select the Post Review link (under Stage) and complete the fields on the Post Review form. You can go back to the other information by selecting the Stage: Eradication and Recovery link. Select the Stage: Post Review link to move to the Post Review stage and complete the relevant Post Review fields.
  The Security Incident can be resolved prior to Post Review being completed.
- Select the Next: Resolved link to change the status to Resolved. There is no Closed status.
  Security Incident tickets can be resolved if there are open Compliance Records. This can be modified by the customer based on business requirements.