Cyber Incident & Breach Response

Archer Cyber Incident and Breach Response enables you to centrally catalog organizational and IT assets, establishing business context to drive incident prioritization and implement processes designed to escalate, investigate and resolve declared incidents. The use case is designed for teams to work through defined incident response and triage procedures in preparation for a potential data breach.

Built-in workflows and reporting are designed for security managers to stay on top of the most pressing issues and streamline processes. Issues related to a declared incident investigation can be tracked and managed in a centralized portal that provides full visibility and reporting. If an incident escalates into a data breach, pre-built workflows and assessments are designed to help the broader business team work with the security team to respond appropriately.

With Archer Cyber Incident & Breach Response, declared cyber and security events can be escalated quickly and consistently. Advanced workflow and insight to the velocity of declared cyber and security incidents allow more efficient utilization of security team resources, resulting in faster response, analysis and closure rates for critical security incidents. With improved processes and capabilities, the security team can more effectively leverage existing infrastructure -- such as SIEMs, log and packet capture tools, and endpoint security technologies -- to focus on the most impactful incidents. These capabilities improve security team preparedness in the case of serious incidents involving potential data breaches, increasing the return on infrastructure investments while lowering overall security risk.

For the key features and benefits of this use case, see the Data Sheet on the Archer Community: https://community.rsa.com/docs/DOC-40093

Cyber Incident & Breach Response is a use case in the IT Security & Risk Management solution area. The following sections describe the use cases that Cyber Incident & Breach Response requires as a prerequisite, which use cases you can upgrade to as your program matures, and which use cases in other solution areas you can integrate for additional business context and functionality.

Prerequisite and next use cases

This following table shows how this use case fits into the overall IT & Security Risk Management solution area.

Prereq, current, next use cases

Issues Management

Cyber Incident & Breach Response

N/A

  • Establish your business hierarchy
  • Consolidate and coordinate findings and remediation plans from risk, compliance, audits, and other assessments
  • Manage exceptions with appropriate risk sign-off acceptance.
  • Manage SOC staff and contacts
  • Manage incidents, including the reporting, escalation, and remediation using an advanced workflow process.
  • Manage your declared incidents using a streamlined advanced workflow process.
  • Manage security operations
  • Manage data breaches

 

Related use cases in other solution areas

The following table shows additional features that are available if you have the specified use cases licensed.

Use Case Name

Application Name

Primary Purpose(s) of the Relationship

Crisis Management

Crisis Event

Using the Archer Crisis Management use case, you can create a crisis event record for your crisis event team to track and resolve.

Any use case that includes the Risk Register application

Risk Register

You can tie your incident record to related risks in the Risk Register application.

 

The following resources are available for the IT & Security Risk Management solution area:

Get started