Your DLP Implementation is incomplete without DashMagiq™ Incident Remediation Workflows
By Arvind Mehrotra Advisor Cybersecurity — Vidyatech and Krishna K Bhardwaj, CEO — Vidyatech
This blog is part of a series of blogs on the features of DashMagiq, and why your DLP Implementation is incomplete without each.”
The classical mistake CISO and Infosec security teams make are that they classify incident management as a task to manage risks only limited to IT and Application infrastructure. The process of identifying, collecting, recording, and analyzing the security threats and incidents related to cybersecurity in the real world covers more, i.e., data, edge devices, social sites, collaboration tools etc… However, the more significant challenge today is data leakage and information acquisition for a competitive threat. Therefore, having data protection software to help track, manage and organize data and processes is a significant benefit for organizations. Handling data protection is a complex activity, often involving all departments within an organization; thus, incidents arising from data protection software need to be distributed to various stakeholders to access the risk and rights for data access or distribution.
DLP Implementation creates incidents; DashMagiq™ takes each incident through a simple workflow that feels intuitive to folks assigned the incident for review, action, and closure. It truly embraces the philosophy that data is always sensitive for business reasons. The DLP implementation is pointless if the business stays away and only InfoSec remediates the incidents. The primary responsibility of remediation is with DPO or Infosec team. One critical burden they carry is creating IRTs (incident response teams) based on incidents pattern to collaborate with stakeholders and owners of entities, so that incident remediation is done at the soonest and within prescribed SLAs. It enables the strict SLA obligations to be met accurately.
While organizations transfer the burden of data protection to Infosec or DPO as per the organization’s design, it is recommended that the remediation task is distributed throughout the organization. At the same time, control of the process is centralized with Infosec or DPO.
It ensures discipline around the workflow; all incidents are tracked from creation to closure. As the incident travels, the responses and decisions arrived at during the workflow get documented. For the workflow to be effective, incidents are routed through appropriate stakeholders for a timely resolution. Not just that, to ensure timely review and actions, reminders are sent periodically. If the activity is still open in the defined turnaround time, the matter escalates up the hierarchy.
While action ownership is with IRT, and they are actioning the same, the incident details are only accessible to the assignee(s) on a need-to-know basis. Although all information is retained in the DLP solution, only incidents are made temporarily available in DashMagiq™ right when it is needed to minimize the security exposure.
In short, DashMagiq IR Workflows are:
· From Creation to Closure,
· Automatically documented with reminders and escalations, and
And the power of DashMagiq™ IR Workflows grows multiple folds when it works across multiple DLP Solutions implemented within an organization. Independent of source, the Workflows are unified, standard, disciplined, and automated.