Strong security for sensitive incident data.

CISOBox’s technology comprehensively protects confidentiality and integrity.

As CISOs and their teams are well aware, information security incidents are different from other incidents, such as help desk or “availability” incidents. One critical difference is the sensitivity of the associated data:

Often the disclosure of cyber incident data could have serious negative consequences for an organization. Whether an incident involves a breach of regulated data, an embarrassing HR-related investigation, serious system or data vulnerabilities and risks, or something similar, its inappropriate or untimely disclosure could result in negative press coverage, lawsuits, successful cyber attacks and other costly outcomes.

Because of these risks, standards, best practices and common sense compel CISOs and their teams to look for ways to restrict access to their incident data and ensure its integrity is protected.  Yet teams often struggle to find solutions that deliver the appropriate security.

CISOBox can help.

Its unique system provides comprehensive protection of the confidentiality and integrity of incident data using technology built for, accredited by and used on an enterprise scale within US Federal Intelligence Agencies to manage classified missions and associated classified data. The product’s security technologies were built from the ground up to address intelligence agencies’ needs to protect sensitive information while at the same time increasing efficiency for teams managing missions.

Through these security technologies, CISOBox offers Chief Information Security Officers and their teams a powerful solution to the problem of how to secure sensitive incident data.

Hardened Appliance

CISOBox’s security starts with the hardened, full stack appliance within which incident data is stored.

The base of the appliance is SELinux, the NSA’s “Security Enhanced” edition of Linux. The OS’s mandatory access control capabilities and associated configurations and policies are used to minimize the risk that attackers can gain unauthorized access to the system and its data.

CISOBox’s application software forms the second layer of the hardened appliance.  This software is repeatedly tested and accredited by US Federal Intelligence agencies for its ability to withstand attacks.

At the top of the stack is CISOBox’s secure, web-based user interface. This website is published in conjunction with an SSL certificate and may only be accessed through appropriate versions of TLS. The website consists only of HTML5 with no Flash or Java, reducing vulnerabilities and risks. Finally, users must authenticate with a user name and password, with password strength enforced through flexible, configurable rules.

The bottom line is that CISOBox’s hardened appliance places a protective wrapper around sensitive incident data through its comprehensive set of technology-based protections to substantially mitigate the risk of unauthorized or malicious access and disclosure. 

Two Factor Authentication

To further mitigate the risk of unauthorized access, CISOBox offers built-in two-factor authentication.  The system can optionally be configured to require users to enter a time-based one-time passcode following successful username and password authentication.  Compatible with Duo Mobile and other similar mobile-device apps, this TOTP-based capability provides an extra layer of protection for users’ accounts to mitigate the risk of compromised passwords. 

Need-to-Know Access Controls

CISOBox not only protects data from external threats, but also from users of the system itself.

Support for shared records accessed by multi-user incident response teams is a key benefit of CISOBox, providing those teams with an efficient means of managing data collection and IR processes together; however, given the sensitive nature of incidents and their data, it’s critical that infosec teams be able to appropriately restrict access to sensitive data by users of the system. In fact, for highly sensitive incidents – or investigation notes or evidence files – infosec teams likely want to control access very tightly and on a need-to-know basis.

CISOBox provides precisely the granular access controls needed to address this requirement. Access can be restricted at the incident record level through both sensitivity markings (or classifications), as well as by specifying precisely which individuals may access the record – and which may not. In addition, within the incident record itself access can be further restricted at the journal entry and evidence file level.

These fine-grained access controls allow CISOs and their teams to precisely restrict access to sensitive incident data to preserve confidentiality and mitigate the risk of inappropriate disclosure, while at the same time providing shared access to incident records for efficient, team-based incident handling.

System-of-Record Functionality

Finally, CISOBox is built as a system of record. Specifically, the system allows users to input data, but never to delete it. Users can modify information, of course, so they can input and update incident records, journals and other data to accurately reflect the results of their investigations and actions; however, whenever any data is modified or edited out of the visible interface, CISOBox retains a copy in its database, including the data as it appeared prior to editing, as well as who modified it and at what time and date. A detailed audit trail cataloging both the data and changes to it is available at any time for review and inspection by users, administrators and others.

CISOBox’s system-of-record functionality ensures the integrity of incident data and allows information security teams to both know that integrity and prove it to others, including auditors, regulators and courts of law.

Intelligence Agency-Grade Security for Cyber Incident Data

The risks to organizations of improper access to and disclosure of cyber incident data are substantial.  But how can CISOs and their teams provide the appropriate security for the confidentiality and integrity of their data?

The answer is CISOBox.

Built to protect classified information for US Federal Intelligence Agencies, its unique security technology provides comprehensive capabilities to protect sensitive incident data, while also supporting efficient incident response. 

Standards, best practices and common sense dictate the need to provide strong protections for cyber incident data. Get the security needed with CISOBox. 

Contact us today to schedule a demo of its unique, intelligence agency-grade incident data protection and management capabilities.
