Sharing and Collaboration
In the heat of the moment, effective communication regarding an information security incident can be a challenge. The pressure to quickly stop an attack and prevent damage, coupled with the need for a coordinated response from multiple distributed individuals in different disciplines, can make life very difficult for CISOs and their teams – especially if they must cobble together a communication strategy using ad hoc and off-the-shelf tools not designed for IR.
Complicating the challenge is the need to secure sensitive incident information and communication. With the potential for sophisticated attackers to be inside the network and systems, care must be taken to ensure they do not gain knowledge of and interfere with the IR team’s efforts to thwart their attack.
CISOs and their teams often struggle to find systems to support the communication needed and, at the same time, to support other unique and critical requirements and best practices of information security incident management. This includes the need for strong protections for the confidentiality and integrity of incident data, the need to collect appropriate, detailed information regarding the incident and the need to comprehensively document response activity and evidence.
CISOBox can help.
Based on NIST and other standards and best practices, CISOBox is purpose-built to support information security teams’ need to track, document, and manage the response to information security incidents. Its comprehensive, intelligence-agency accredited security technology provides strong protection for sensitive incident data.
CISOBox’s secure collaboration features are particularly valuable for addressing the communication challenges of information security incident handling.
CISOBox facilitates quick communication in the wake of an incident.
By providing a single, central, web browser-based location for IR teams to work, CISOBox eliminates barriers to finding, sharing and organizing incident information and ensures incident responders can work as quickly and efficiently as possible. CISOBox’s comprehensive incident record – built with fields and locations to collect all key incident related data – is fundamental to the product’s ability to offer a central point of organization.
This central incident data source also makes communication with leadership and stakeholders fast and easy. Without physically walking from office to office, CISOs can quickly get the information they need to field in-bound calls and emails from executives and others seeking status updates. Where desirable, stakeholders can be granted privileges to access CISOBox directly with appropriate roles and privileges (e.g. “Read Only”).
To facilitate communication, CISOBox offers a built-in incident response team directory. Individual team members’ profiles incorporate comprehensive contact information including email, phone and physical location. Accessing directory information is as simple as clicking users’ names wherever they appear in the CISOBox interface. The directory adheres to IR best practices and ensures any team member can be quickly located during incident handling.
Shared, Multi-User Records and Journals
CISOBox incident records are built to be accessed, read and edited by multiple users at the same time. This includes the Incident Response and Evidence journaling portions of the record, which allow multiple users to post entries regarding incident handling activity to a shared, blog-like interface. As individual users add information to incident records and journals, it becomes immediately visible and available to other users. Incident handlers can stay abreast of events and their colleagues’ activity as they occur and adjust and coordinate their work accordingly. In addition, they can quickly become aware of any new data for the incident, including observations, evidence and artifact files and other incident details, and immediately take advantage of that data to be effective. Finally, CISOs, leadership and stakeholders can access the IR team’s journal entries and record updates to follow incident handling progress and gain the critical information needed for executive decision-making.
Beyond shared records, CISOBox includes an integrated, email-like messaging capability for sending and receiving messages regarding incident handling activity. Incident responders can easily send and receive rich text messages directly to and from one or more other users on the platform through a convenient interface located on each incident record. Users are automatically notified of new messages through the web UI and via email notification. Aside from facilitating quick communication, CISOBox’s integrated messaging also stores messages with their associated incident record, ensuring messages aren’t lost and are available to aid in post-mortem analysis and reporting.
Secure, Out-of-Band Communication
Given the sophistication of today’s attackers and the challenges of defending networks, the risk of an incident response team’s communication being intercepted and monitored by an adversary is real. CISOBox mitigates this risk by providing an encrypted, out-of-band messaging feature. All messages exchanged between users are protected using encrypted protocols and strong authentication, including two-factor. Messages sent and received never leave CISOBox and do not travel through the organization’s email infrastructure, ensuring they remain protected within CISOBox’s hardened appliance. In addition, because the product is not domain-integrated and uses its own local user accounts, communication and incident data remain secure even if the domain is compromised.
Respond to Incidents With The Effectiveness You Need
Ad hoc incident response team communication and collaboration and decentralized and insecure storage of data and communication can hinder effective IR and ultimately cost your organization dearly through increased risk and the potential for damage from information security incidents.
Efficient, effective and compliant cyber incident management means having the right solution to manage incident data, documentation and communication. CISOBox offers everything you need to implement best practices and take your incident handling to a higher level of maturity. And, it’s a turnkey appliance that can be quickly and easily deployed.
Get in touch with us today to schedule a free demo of CISOBox's security incident management solution and experience the difference its incident response communication and collaboration capabilities can make for your information security team.