All of your Incident Data in One Place.
Managing data in multiple disconnected systems is a nightmare. And without a system like CISOBox, data collected during incident handling will overflow into multiple disconnected systems. Emails, spreadsheets, word processing documents, log files, indicators of compromise – tracking and using the disparate elements of an incident quickly becomes unmanageable without a central place to store them. And, of course, when you're in the middle of an incident, the challenge of managing data is compounded by the need to respond quickly. .
CISOBox creates a single, shared repository for efficiently managing data.
The product’s comprehensive incident record allows it to function as a “home base” for all of the data, documentation and communication associated with an information security incident. Put simply, it's incident data management made easy.
CISOBox features a full suite of cyber incident data management tools.
A Structured Incident Data Form.
The core of every CISOBox incident record is a comprehensive form that provides a place for all field-oriented data. The form’s fields and values are based on industry standards including NIST 800-61r2 recommended incident data and US CERT public incident data. Fields provided include: Incident Type, Compliance Type, Status, Stage, and Severity, as well as a complete set of dates and times represented in a standard format that includes a time-zone offset.
An Incident Response Journal.
Incorporated into each incident record are journaling capabilities for use during incident handling. The Incident Response Journal provides an interface through which each incident responder can quickly and easily add journal entries to document their activity, their observations, and their decisions. All journal entries are date- and time-stamped and user attributed. As with all elements of the incident’s record, journal entries are shared so multiple users can view and edit the journal at the same time.
An Evidence Journal.
Identical to but separate from the Incident Response Journal, the Evidence Journal provides an interface for journaling the handling of digital and physical evidence. This journal can provide documentation for chain-of-custody purposes. As with the Incident Response Journal, all entries are date- and time-stamped and user attributed.
An Evidence & Artifacts File Repository.
Beyond form data and journals, CISOBox provides a location for attaching files to the incident record. This “Evidence and Artifacts” interface allows incident responders to upload multiple files to be stored alongside of the other elements of the incident. Log files, interview notes, malware samples, email messages, PDFs and other file-based documentation can be directly attached to the incident. Files up to 500MB can be stored. The contents of attached files can be previewed through a convenient interface that allows viewing files without downloading them. Standard formats including Word, Excel, .msg, .eml, PDF, PNG and many more can be previewed.
A Secure Messaging Platform.
Any secure messages exchanged between incident responders on the CISOBox system can also be attached to the incident record. When messages are sent, they are either automatically or manually tagged with the associated incident’s ID. All such messages are then visible and can be accessed and viewed through a “Messages” interface on the incident record. This keeps message data together with all other incident data making it easily accessible both during incident handling for communication purposes and after the incident is resolved for reporting purposes.
A Powerful Data Search Capability.
In addition to being collected together and displayed through a single interface, all of the incident’s data, documentation and communications are indexed and searchable. This includes all form data (fields and values), all journal entries, all messages, and all attached evidence and artifacts files – including the contents of these files. Using CISOBox’s search interface, incident responders can quickly and easily find any elements of the incident’s data they are looking for.
The benefits of a mature information security incident management system are many.
CISOBox makes information accessible.
The single, central, comprehensive, shared incident data repository provided by CISOBox brings valuable benefits to information security teams. The solution gives incident responders a single place to go to either find information they need, or to store information they’ve collected or generated.
CISOBox facilitates quick communication in the wake of an incident.
By giving them one place to go, CISOBox ensures incident responders can work together as quickly and efficiently as possible when handling incidents where time is often of the essence. It also makes communication with leadership and stakeholders fast and easy.
CISOBox makes generating incident reports faster and easier.
After incidents are resolved, reports can be written more quickly and easily because all of the needed documentation is unified in a single CISOBox record. In addition, teams are less likely to lose or misplace critical data or documentation, which could be devastating in legal or regulatory situations.
CISOBox builds a knowledgebase to optimize incident response over time.
Because CISOBox builds up a knowledge base of historical incident data over time, it can also give incident responders leverage. Using CISOBox’s search and other interfaces, data from historical incidents can be searched to find information that may be helpful in resolving or handling new incidents. In addition, teams conducting reviews of their security posture can “mine” this knowledge base to better understand the threats and risks they face and how to mitigate them.
CISOBox Is the Information Security Incident Management System Your Team Has Been Looking For.
Don't let disconnected systems and disorganized data cost you time and money in the wake of an incident. Efficient, effective and compliant cyber incident management means managing incident data well. CISOBox offers everything you need to take your incident handling to a higher level of maturity, and, you can implement it quickly and easily.
Get in touch with us today to schedule a free demo of CISOBox's security incident management solution.
It's time to take your incident management to the next level.