Feed the Compliance Measures, Do Not Be Eaten by Them

Posted bySteven Ditmore - 05th Jun 2017
Feed the Compliance Measures, Do Not Be Eaten by Them

At DFLabs, we typically find our financial clients saddled by regulations which, although important, add layers of complexity to the already complicated process of incident response. We want our clients to be able to feed the compliance measures, not be eaten by them, and we support this end by providing a simple, clear and easy to use playbook editing functionality within the IncMan automation and orchestration platform.

I often point out how IncMan adaptable playbooks are of benefit to companies when determining incident response steps in consideration of regulation. IncMan offers a number of measures to enforce regulatory policy on playbook actions.

Let us take a look at some quick examples:

Authorization levels: Effective use of the authorization chain means that personnel are engaged only for the tasks for which they have clearance.
Timed response: Playbook action enforce the urgency when dealing with a particular notification, action or identification, i.e. 72 hours to alert a particular authority about a breach.
Mandatory tasks: Prescribed tasks are essential for any organization to take the regulatory actions necessary whilst following corresponding incident response workflows.

This list is not exhaustive and IncMan offers lots of possible incident response workflows and points of use for regulatory compliance.

Beyond these measures, it is important to remember that the information gathered in the case record as part of the incident should be fully utilized. The post-mortem analysis of the incident and how it was managed, is as critical as the immediate response. This analysis will help you to define, restructure and organize the ongoing policy changes, and continually fine tune your incident response playbooks.

Our new correlation engine will give you the ability to not only see the entire picture, but also to learn how the picture was built over the course of a timeline of events. Correlation Engine 2.0 helps you to redefine your approach for incident trending and identifying relationships in incident data.