ControlCase Incident Manager

More information



Regulations require the ability to escalate and alert when a compliance breach occurs or when an event is not being processed in a timely manner. For example, the Federal Information Security Management Act (FISMA), requires that each federal agency develop, document and implement agency-wide information security programs which includes the process for reporting and escalating security incidents.

ControlCase Incident Manager delivers the most comprehensive incident management system available. It centralizes the reporting, tracking and resolution of incidents in an easy-to-use, Web-based format. It allows organizations to stay in front of incidents that, if left unattended, could cause serious consequences. ControlCase Incident Manager enables secure reporting, as mandated in FISMA, to US-CERT through PGP encryption.

ControlCase Incident Manager tracks the lifecycle of an event using four phases:

  • Events: Receive events through email, web based interface or connect to third party system using interfaces.
  • Incidents: Classify appropriate events as incidents and assign them to investigators.
  • Response: Provide centralized view for incident handling and evidence chain of custody.
  • Reporting: Report to third parties such as FBI and CSIRT, internal parties for SLA's and total incident cost.

During each phase of the lifecycle, access controls strictly govern a users' ability to access data. In addition, all entries are logged and the evidence chain of custody ensures that evidence is accounted for through each step of the investigation.

Key Features

Event Reporting

  • Report events through email to a set of email addresses
  • Report events through an anonymous web page
  • Report events in a manner such that they can be tracked to individuals
  • Report events into the Incident Management system through automatic feeds from a third party system

Incident Management

  • Assign events to investigators as "Incidents"
  • Classify incidents as High, Medium or Low severity
  • Flexibility in assigning appropriate roles to users or groups.
  • Flexibility in assigning incident manager functionality to one or more roles.
  • Automatic assignment of tracking numbers to each incident


  • View data as it was generated during "event" stage
  • Log response actions along with evidence numbers for physical evidence
  • Upload soft copy of evidence (such as log files) along with evidence number and hash of the files to maintain chain of custody
  • Evidence cannot be modified
  • Request closing of incidents and managerial review prior to closure

ControlCase Incident Manager includes a robust reporting capability Reporting

  • Report to external agencies such as FedCIRC and CERT/CC through secure channels depending on your internal network
  • Customize reports for internal use such as incident tracking, SLA reporting and work load management
  • Customize graphs and charts for internal use such as incident per month and incident breakup by classification
  • Report on costs of incidents using the I-CAMP model