Vibranium is a fully integrated GRC platform that can be used to meet all of your Governance, Risk Management and Compliance needs. It boasts functionality that is comprehensive enough to be utilized by some of the largest organizations on the planet while presenting a user interface that is so simple and intuitive it can be used by the least technical people in your organization.
Governance, risk and compliance (GRC) refers to a strategy for managing an organization's overall governance, enterprise risk management and compliance with regulations. Think of GRC as a structured approach to aligning IT with business objectives, while effectively managing risk and meeting compliance requirements.
A well-planned GRC strategy comes with lots of benefits: improved decision-making, more optimal IT investments, elimination of silos, and reduced fragmentation among divisions and departments, to name a few
An incident is an event that could lead to the loss of, or disruption to, an organization's operations services or functions. Incident Management is the term used to describe the activities which an organization takes to identify, analyze and correct hazards to prevent a future re-occurrence. If an incident is not managed, it can escalate into an emergency, crisis or disaster. Our goal with Incident Management is to limit the potential disruption caused by such an event in order to return to business as usual, as quickly as possible. If we do not perform effective Incident Management, an incident has the potential to disrupt business operations, information security, IT systems, employees, customers and other vital business functions
The NIST SP 800-61 Rev. 2 Computer Security Incident Handling Guide provides a wealth of information on incident response. Our goal with any incident should be to respond as quickly and effectively as possible. A major benefit to having an Incident Management system is that it enables organizations to follow a consistent methodology and respond in a systematic fashion, ensuring that the appropriate actions are taken. Every organization should begin by documenting an Incident Response Policy, Plan and Procedure. The Policy should cover the statement of management commitment, policy objective, scope, definitions for key terminology, organizational structure and role definition, instruction on how to prioritize incident severity, performance measures, and reporting information. The Plan is like a roadmap for implementing the incident response capability. It covers the mission, strategies and goals, internal and external communications, metrics for measuring effectiveness, and the roadmap for maturing capabilities. Procedures should be based on the policy and plan and detail the specific technical processes, techniques, checklists and forms used by the Incident Response team. All of this documentation should be published in a location where all employees have access and updated at least annually.
For many organizations, one of the most challenging parts of the incident response process is accurately detecting and assessing possible incidents. For each incident which has been detected, we will need to identify the type, extent and magnitude of the problem. What makes this especially difficult is that most organizations have a variety of different means through which to detect incidents, with varying levels of detail and fidelity. On automated systems, the volume of potential signs of incidents is typically high, so we have to be able to analyze these events to determine the actual incidents. Even that can be difficult as deep, specialized technical knowledge and extensive experience are often necessary for proper and efficient analysis of incident-related data.
When we identified our incident, we defined three values that will help us to prioritize our response to this incident versus any other incidents that are currently active. These values are:
Now that we've determined our incident's priority, we can focus on the actual remediation effort. This is split into three phases. In the Containment phase, we are looking to identify the systems affected by the incident, determine the scope, and determine if other systems are at risk of compromise. In the Eradication phase, we are looking at how do we eliminate the incident from our environment which may involve system patching, malware removal, and other security configuration changes. In the Recovery phase, we are trying to restore our operations to their state prior to the incident. SimpleRisk contains nine playbooks, by default, which provide suggested actions to take in each of these phases. These playbooks include common incident types such as:
As you respond to the the incident, Vibranium also provides the ability to attach evidence documenting your activities, as well as the ability to add notes to the incident to document the steps taken.
Vibranium was designed from the ground up to be as simple and intuitive as possible in order to enable users of varying skill levels to be effective using it. With the addition of the Incident Management Extra, Vibranium can now not only handle the Governance, Risk Management, and Compliance needs of organizations, but also their Incident Management needs, as well. We would welcome having an opportunity to join you on your Incident Management journey and would encourage you to schedule a call with our team, where we can discuss your requirements and demonstrate, firsthand, how Vibranium can help you accomplish your goals.