Case Management for Security Incident Investigators

Thursday, January 20, 2011

Lindsay Walker


If 2010 was an indicator of the future of security-related incidents in the workplace, something needs to change. It seems that, no matter how robust your corporate security program is, there's still no guarantee that information won't get leaked.

In the IT World article, "Acting upon a Breach in Six Easy Steps," Carmi Levy states:

"If businesses aren't doing anything in their power to manage and protect corporate and customer data, they're just as guilty as if someone came in and stole it."

Incidents involving security or data breaches need to be investigated just as promptly as any other type of workplace misconduct. If these issues fail to be investigated, companies could risk their reputation, lose customers or, even worse, get slapped with a lawsuit.

Case management software provides investigators with the functionality they need to effectively carry out security incident investigations.

Get Notified

Whether it's the act of a hacker or an innocent mistake from an employee, it's important that all data breaches get reported. Open up the lines of communication by offering multiple sources to receive tips or complaints.

This will allow members of the public, as well as your own employees, to report incidents. Some case entry methods to consider are hotlines, web forms on the company website or intranet, email and manual case entry when a case is reported in person to a manager.

Case management software ensures that a notification email is sent to the appropriate individual(s) when a new case is added to the system. This way, no case goes unattended and investigators can be assigned immediately to ensure a prompt investigation. Once you've got your team ready to go, it's time to start the investigation.

Take Action

Information security investigations require collaboration between a number of different groups, and in some cases, they may not be from within your organization. Case management software simplifies case collaboration by allowing the system manager to add and remove users as needed, enabling the appropriate people to access cases they are involved in.

Access roles are established for each individual in order to maintain privacy over the investigation. This means that each investigator will only be able to access the pieces of the investigation that relate to their role, whether it's the entire case file or a few sections of it.

In some situations, involvement from law enforcement is necessary. Conduct every investigation with this point in mind, as it will stop you from cutting corners and leaving out the finer details of the investigation.

Case management software is all about keeping investigators on track and centralizing information pertaining to the investigation. Investigators can send emails from within a case file, as well as attach evidence and investigation interview notes to the case to keep everything secure and in one place.

Learn from the Past

Take the information from the investigation and apply it to your workplace to prevent the same security breaches from occurring. It makes no sense to carry out an investigation and take nothing away from it.

Case management software has intuitive reporting mechanisms built into the system to allow managers to identify trends and common "problem" areas in the workplace.

This information can be used to plan employee training, identify policies that may need to be revisited and force companies to plan ahead to prevent future security breaches.

From i-Sight

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.