Incident Management

Having a program for managing incidents is critical for any company, but especially for financial institutions such as banks, savings associations, credit unions, and trust companies. According to the Interagency Guidance on Response Programs, “a response program should be a key part of an institution’s security program.” As such, an effective incident response plan should be designed to protect customer and member information, prevent losses, and return systems to normal operation as soon as possible.

CoNetrix offers online software to facilitate the development and maintenance of an incident response plan, following guidance from the Federal Financial Institutions Examination Council (FFIEC), National Institute of Standards and Technology (NIST), and other regulating bodies (e.g., FDIC, FRB, NCUA, OCC, etc.). Our software and templates help institutions comply with expectations in the FFIEC’s Information Security Booklet and Cybersecurity Assessment Tool, as well as the FDIC’s Information Technology Risk Examination (InTREx) Program.

The Incident Management product also features the ability to track and document the response process through the six stages of an incident as outlined by the NIST SP800-61 Rev. 2, Computer Security Incident Handling Guide. With date-and-time stamped events recorded and ready for download, your organization will be able to regroup after an incident and update the response plan accordingly.

Features

The CoNetrix Tandem Incident Management software is feature-rich, including:

  • Use global reporting to generate standardized documents
  • Start with our template incident response plan text and customize it to make it your own
  • Specify roles and responsibilities for incident response within your organization
  • Store contact information for third parties needed for incident response
  • Create custom sections for your incident response plan document
  • Define terms used in your incident response plan with a built-in glossary
  • Track an unlimited number of incidents
  • Document and track the chain-of-custody for evidence related to incidents
  • Create incident handling tasks, assign them to users, and monitor their status
  • Run reports to identify gaps in your incident handling

For professional services, ask your account representative about adding Boost Consulting services.