Incident Management

BCS has developed a solution that integrates established best practices for incident management with a body of knowledge and framework for dealing with incident management challenges. The objective of this solution is to help organizations restore normal service as quickly as possible, while minimizing any adverse impact on business operations.

BCS’ incident management solution is part of our overall security management solution and includes a process for incident handling that involves stakeholders from across the organization. The management team, asset owners, employees and others may be part of an incident response team that gets involved once an incident is detected and classified.

Limitations of Current Practices

In many organizations the incident management process is manual, with no systematic approach for incident prioritization, resolution and remediation. These systems fall short for the following reasons:

  • There is no established process for dealing with incidents before they occur
  • Manual processes establishing who to notify and who should respond take up valuable remediation time
  • There is no established reporting capability to capture knowledge gained from incident resolution
  • Organizations with a large number of assets may be overwhelmed by large-scale incidents – manual processes just cannot keep up
  • New types of incidents may emerge with no established process for dealing with them
  • Organizations cannot track the response process, complicating post-incident analysis
  • Organizations with multiple locations need consolidated analysis: without it, incidents occurring across multiple locations are difficult to correlate

How BCS’ solution framework helps your organization with incident management:

  • Able to detect, identify, and resolve incidents quickly to minimize business impact
  • Able to detect, initiate or import events from security automation tools
  • Incidents can be managed and assigned to individual or team stakeholders
  • Incident response teams are identified in the solution
  • Workflow capability documents false positives for auditors
  • Consolidates incident data across business units in an access-controlled repository
  • Dashboard for tracking and reporting on costs, related incidents, loss and recovery
  • Assignment of a lead investigator and support staff for each incident using workflow mechanisms to automatically notify personnel when incidents enter their case management queues
  • Maintains an incident history and audit trail throughout the incident lifecycle. By linking incidents to specific remediation procedures, all remediation efforts and approvals can be tracked to the incident's closing resolution, including post-mortem information.
  • Monitors incident status and impact
  • Reports cyber and physical incidents, manages escalation, tracks investigations and analyzes resolutions
  • Actions taken, incident status and lessons learned can be quickly summarized via dashboard and custom reports
  • Role-based dashboards and reports with incident analysis and assessment results