Security Incident Management

When implementing an ISMS according to ISO 27001, a complete reporting system for security and data protection incidents should also be considered. Furthermore, it is essential to proceed in a structured and methodical way in the event of a security incident in order to have an overview of the situation at any time.

The QSEC module Security Incident Management offers this along with an integrated risk management process. The relevant security and data protection incidents are recorded. Security incident measures are managed in a structured way in order to improve the risk assessment within the ISMS process according to ISO 27001.

In addition to the category and degree of severity of an incident, the following points are documented:

  • Amount of damage,
  • Severity,
  • Damage class and
  • Type of damage.

A status with resubmissions and persons responsible is maintained for each damage or incident, which is linked to corresponding measures and security objectives.

Incidents recorded in Security Incident Management are assigned to business units and the asset groups affected by them.

Security Incident Management – overview

Features (excerpt)

  • Recording of category, severity, amount, class and type of damage
  • Registration of affected asset groups and persons
  • Indication of the associated risk scenarios
  • Recording of the security objective
  • Responsibility, resubmission
  • Link to other objects
  • Integration into the QSEC Risk Management

Risk Assessment Wizard

In our GRC tool QSEC®, regular assessments for risk evaluation can be performed. Assessments are internal checks/audits carried out in QSEC.
The risk assessment tool in our QSEC software improves audit security with regard to external audits (annual financial statement audits, internal audits and certification audits).
It enables the company to identify and minimize potential risks and to document the activities performed in an audit-proof manner.

The assessment cycles defined in the ISMS risk management guideline are set up in QSEC either

  • in the expert module on risk assessment planning or
  • with the help of the Risk Assessment Wizard.

The Risk Assessment Wizard guides the authorized QSEC user through the following workflow:

  • Introduction with detailed explanations
  • Selection of the scope (business unit, related standards and assets)
  • Status display of the current risk assessment
  • Definition of responsibilities
  • Description of the assessment
  • Assessment period
  • Report with the status display

QSEC® Risk Assessment Wizard

After you have selected a scope, information on the status of the current risk assessment (RA) is displayed. In addition to the start and end date, the percentage of completion (POC) is displayed, based on the open and already evaluated asset groups.
An active risk assessment can only be completed by clicking on the “Complete Risk Assessment” button when the degree of completion is 100%. A new risk assessment can only be started once the ongoing risk assessment (RA) has been completed.

Reporting / Dashboard

The management dashboard in QSEC provides all required information in a transparent way. The numerous reports and dashboards provide an adequate view for every employee (management, team leader, responsible person etc.).

Furthermore, all required work and management reports for the ISMS activities can be generated in QSEC, e.g.:

  • predefined,
  • individually tailored, and
  • updated daily.

This means that, using clear and graphically prepared reports, you have a current information security status of your company at any time. Reports can also be exported, e.g. to MS Word, Excel, PowerPoint or other formats.

The maturity level display enables you to compare the current status of information security with the targeted maturity level in your company.

Reporting – SoA report in ISMS QSEC®

Features (excerpt)

  • Compliance Maturity Level
  • SOA – Statement of Applicability
  • Risk Status / Peak Risks
  • Risk Response
  • Critical Business Processes
  • Measures with budget planning
  • Document Status Report
  • Asset Group Status

Measure-Management

The GRC software QSEC® provides an extensive range of functionalities for the management of measures.

Proposed measures can be adopted from all modules or adapted individually.

By means of the integrated status query, affected controls can be immediately re-evaluated after successful implementation of measures.

In order to reduce IT risks, concrete measures and their implementation can be derived from identified and captured vulnerabilities and threats.

The measures can be selected from the QSEC software measure catalogue or created manually in order to reduce risks and improve control maturity levels.

The measures are integrated with the QSEC® modules IT risk, compliance, document and incident management.

Measure Management – Overview

Features (excerpt)

  • Adoption of automatically proposed measures, from the QSEC standard measures catalogue, with the possibility of adaptation
  • Creation of individual measures
  • Assignment of responsibilities and substitutions
  • Scheduling and deadline tracking
  • Status query at any time
  • Integration with controls, risks, documents, security incidents
  • Re-evaluation of relevant risks after implementation of the measures
  • Risk acceptance in case of non-implementation of measures

Measure Evaluation Wizard

The QSEC measure evaluation wizard simplifies the measure assessment with regard to

  • Cost efficiency and
  • Relevance for legal regulations.

The wizard offers a standardized and user-friendly interface that enables every user to carry out the measure evaluation quickly and efficiently. The user is intuitively guided through the different steps of the assessment until completion.

Measure-Evaluation-Wizard