Incident Management Tool
What the tool offers
The Incident Management Tool (IMT) is a tool targeted at organisations and teams that handle computer security incidents – in practice any organisation that provides or consumes an internet service. A problem experienced by incident handlers in the context of cloud computing is the lack of access to sufficient incident information throughout the cloud provider chain. A Software-as-a-Service (SaaS) provider would not necessarily receive the needed information from its Platform-as-a-Service (PaaS) provider, nor the PaaS provider from its Infrastructure-as-a-Service (IaaS) provider, etc. Furthermore, complicated cloud provider chains with multiple participants increase the need for more automated sharing of incident information – potentially allowing some response actions to be automated. The IMT exchanges incident information with other instances of IMT and with other tools through a simple, extensible incident format and a publish-subscribe based API. The simplicity of the solution makes it usable for small companies as well as large ones. The integration with A4Cloud tools allows for easy notification of end users. The solution supports incidents propagating through the Cloud Service Provision Chain while preserving traceability.
The tool innovation
IMT provides a simplified incident format and incident exchange model that makes the solution usable for small companies as well as large ones. Existing tools such as TAXII (using STIX) are generally considered to be too complex for all but the most dedicated organisations. The integration with A4Cloud tools allows for easy notification of end users, thus making it easier to comply with the General Data Protection Regulation (GDPR) requirements of notifying end users when personal information is affected by a breach. Furthermore, IMT supports incidents propagating through the Cloud Provision Chain while preserving traceability. This allows organisations to share incident information with customers without revealing where the incident originated, while still allowing an auditor to follow the incident trail.
Being simple in its nature, IMT will be easy for any organisation to adopt. The notification functionality will help organisations comply with the GDPR – notifying both the supervisory authority and the end user – by allowing the relevant information to propagate down to the provider which actually manages end users and is able to notify them. Information sharing will be improved, which could lead to better incident handling across organisations.