1. Automate notifications and workflows to mobilize and manage teams for an effective response.
2. Ensure a clear understanding of the event by aligning all activity, information, and decision points in centralized workspaces.
3. Improve decision making by giving responders access to content and incoming data through robust application integrations.
4. Communicate with stakeholders instantly by leveraging chat, calls, meetings, and their recordings and transcripts.
A major financial network provides a suite of business solutions to independent financial advisors. Their primary interest is in providing offerings that can sufficiently cover the diverse needs and practices of their advisors.
Because their advisors are numerous and have highly diverse needs, this financial network recognized the importance of investing in incident management so that their solutions could be kept up and running for both their advisors and their advisors’ customers. The company recognized the need to take an approach that can withstand multiple points of failure in order to manage their end-to-end response beyond the initial notification.
1. A monitoring application alerted the company that a peripheral server was running unauthorized software, indicative of an intrusion. This alert kicked off an automated workflow to trigger Challo to create a workspace using a Security Breach template.
2. The Security Breach template appointed the Information Security team to carry out the initial triage. Challo notified Information Security and invited them to the workspace. The workspace included predefined tasks that were assigned to members of the Information Security team with specific roles and responsibilities.
3. The Information Security team followed a Challo knowledge article, a rich, embedded document that contains the company’s runbook for such a scenario. They determined that Personally Identifiable Information (PII) may have been compromised, so they selected a workspace action to trigger a workflow that escalated the response to include the Privacy team.
4. The workspace action sent the Privacy team notifications that invited them into the workspace, and assigned new tasks for their team. They were able to begin work immediately and continue to adapt to the incident as it required.
5. The Information Security and Privacy teams needed to collaborate in order to provide a comprehensive assessment of the incident. They held meetings within the workspace to sync up on status and assessment. Transcripts and recordings were taken and associated with tasks to support decision making and provide records of activity.
6. The Information Security team continued the simulation on the basis that the security breach had occurred and that it was likely to impact the Business Continuity of some services.
7. The Marketing and Customer Relations teams were brought in to handle communications to ensure a disclosure was provided to employees, vendors, and customers. To carry out the disclosure, they used the workspace publisher, a capability that takes selected content from the workspace and shares it on an external site for broader distribution, to update advisors.
8. The Information Security and Privacy teams continued to use the workspace to support their activities through the simulation. Team members were able to upload documents that they made offline and link to applications or file repositories, which immediately allowed workspace members to view the content without additional credentials.
9. Marketing and Customer Relations used chat commands to execute natural language directives and workflows, such as inviting other team members, scheduling meetings, and searching for relevant content.
10. The company could review all activity, information and decision points as a digital logbook to guide process improvement and reporting. The response team utilized the recordings and transcriptions of meetings to inform this process and gain insight.
11. The Privacy team invited a third-party consulting group to assess the simulation event and to use that assessment to improve the Breach simulation and response. The logbook, which captured all of the activities of the event, was shared with the consultants.
12. The company took the advice of the consultant and updated the Security Breach template with modified tasks and resources, so that the next time it was used it would be available to the response team.
Incident Management is more than responding to the actual event; it involves preparation before the event, coordination during it and process improvement after its resolution. This entails complexity and that’s where Challo comes in – giving the Financial Network a structured, robust and centralized place to manage the incident across its entire lifecycle.
Workspaces let the Financial Network structure its response, while Challo’s powerful integrations enabled it to act on incoming information to deliver a more targeted and rapid response. No matter how an incident develops and changes the people, tasks or tools you need to respond, the Financial Network shows how Challo can bring them together.