Incident Management Use Case Design

This topic explains the Incident Management use case design.

Architecture Diagram

The following diagram shows the relationships between the applications in the Incident Management use case.

Incident Management use case architecture diagram

Applications

The following table describes the use case applications.

Applications

Description

Incidents

The Incidents application provides a central repository for reporting incidents and managing the incident lifecycle. Through the Incidents application, you can:

  • Report and manage incidents to their resolution.
  • Assign investigators to analyze and remediate issues.
  • Track and monitor legal involvement with incidents.
  • Attach reports and evidence.
  • Relate incidents to generate trend analysis.

Once the data has been provided to the incident response team members, they can review the incident based on criticality, financial impact, and more. They may also link the incident to other incidents that are related or specific items within the business hierarchy or operational infrastructure to help evaluate the root cause. In addition, you can link multiple incidents to 1 investigation, reducing redundancy and the workload of the investigating teams.

Response Procedures

The Response Procedures application documents all procedures that must be implemented as incidents occur. Procedures are categorized by the type of incident, such as denial of service, phishing attack, and so on, and you can relate procedures to multiple incidents. Through the Response Procedures application, you can:

  • Define specific procedures for incident responders to follow, ensuring process consistency.
  • Attach supporting documentation.
  • Monitor the implementation status of response procedures in the context of specific incidents.

Investigations

The Investigations application allows you to report and manage investigations for 1 or more incidents or ethics violations. Through the Investigations application, you can:

  • Submit requests for incident investigations, noting the urgency, location, and type.
  • Assign the investigation owner, manager and support staff and automatically notify them when assignments enter their queues.
  • Record evidence and attach supporting documentation.
  • Maintain a detailed investigation history and audit trail with the capability to display multiple versions of a record throughout the investigation lifecycle.

Additionally, you can document legal and law enforcement involvement, perform loss and recovery analysis, track incident resolution, including causes and corrective actions, and manage Bank Secrecy Act (BSA) e-filing reporting requirements.

Access Roles and Record Permissions

The following table describes the use case access roles.

Access Role

Description

IM: Admin

Serves as the administrator for the use case.

IM: Manager

Provides create, read, and update access to management stakeholders within the use case.

IM: Owner

Provides create, read, and update access to business process owners within the use case.

IM: Read Only

Provides read-only access for the use case.

Note: For detailed, page-level access rights, see the Data Dictionary.

The following are specific roles (record permissions fields) within the Incidents and Investigations applications. These fields may correspond to different members of the incident team depending on the nature of the incident. As part of the implementation process, these roles should be designated.

The following table describes the use case roles.

Role

Description

Incident Owner

Management representative or CERT leader who is responsible for the overall incident response.

Incident Manager

Technical lead or lead incident response member who is tactically responding to the incident.

Individuals involved

Other individuals involved, which can include the following:

  • Reporting party
  • Suspect
  • Witness
  • Victim
  • Other

Requester

Person requesting the investigation.

Investigation Owner

Management representative or investigation leader who is responsible for the overall investigation.

Investigation Manager

Technical lead or lead investigator who is managing the actual investigation processes.

Dashboards

The following table describes the use case dashboards.

Dashboard

Description

BR Task Driver

The BR Task Driver dashboard contains quick links for frequent tasks and features metrics specific to the current user, such as BIAs pending my action, past due BCDR Plans, and active Incidents.

BR Process Manager

The BR Process Manager dashboard displays items relevant to Business Process Owners and Program leads. Charts are designed to help them determine how processes are functioning and identify gaps. The dashboard features metrics, such as expired BIAs and BCDR plans, BIA RTOs and RPOs, and the dependency mapping status by business unit.

BR Management

The BR Management dashboard provides critical information to help management understand the resilience of business units. The dashboard uses interactive charts to display data, such as incidents by business unit, products and services by category, and BIAs by criticality rating.