2 Replies Latest reply on Jan 14, 2019 10:02 AM by Mahamadou Traore

    Security Incident Management with Remedy

    Peter Adams

      I'm planning to conduct some research about the use of Remedy for Security Incident Management. I would like to understand better what our customers are doing today in this area, how they have addressed the specific requirements for Security Incident Management, and what additional needs are not yet addressed by the Remedy ITSM solution. If you are interested in joining a discussion group and helping set the direction for BMC in this area, please contact me directly by sending a message to Peter Adams, or feel free to respond directly to this post.




      Peter Adams

        • 1. Re: Security Incident Management with Remedy
          Rowan Ward

          Hi Peter


          Our Security Incident Management process in Remedy today is very simplistic at this stage. Most of it is focused on categorising the different Security Incident types (using Op Cats) and customised alert notifications that are sent to the relevant local Security team(s) when a Security breach/incident is recorded.


          My high-level view is that Security Incident Management would need to be treated differently from the standard incident flow, as sensitive issues could be reported for which the business may not want to publicise the full investigation output to all users who have access to view tickets for the company, e.g. stolen/damaged devices, etc. (similar to HR-related activities).


          It would be really useful if this helped support ISO/IEC 27002 and allowed the full life-cycle to be easily fed from Remedy into information security reviews, and potentially provided a feed into Risk Management / Security Audits, etc.





          • 2. Re: Security Incident Management with Remedy
            Mahamadou Traore

            Hi Peter,


            In our organization, we are planning to implement security incident management. We are thinking of using the new AR security model available from 9.1 (choosing support group for the Application Permission Model). Obviously we are assessing the impact of this, since our security model was based on company. Changing from Company to support group may bring a lot of challenges, which is why we are still figuring out the side effects of this on our customers, support teams, etc. We have a lot of questions now and are searching for answers and experiences from others.


            With the support group security model, we would like to manage security incidents like this.


            1. A user (client, customer, employee, etc.) raises a ticket to the service desk.
            2. After investigation, the service desk assigns the ticket to the security group.
            3. The Security Team decides the ticket should be treated as a 'Security incident'.
            4. The Security Team creates a new 'Incident security' ticket and assigns it to themselves. The customer, contact and owner group of this new ticket are all related to them, so it can't be viewed by others.
            5. The original ticket (raised by the user) is related to the security incident ticket. Only members of the security team have access to the security incident ticket.
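To show the visibility difference behind these steps, here is an added example (not code from the post or from BMC): a simplified model of the company-based and support-group-based permission rules, in which a desk agent in the same company would see the restricted ticket under the company model but not under the support-group model. The Ticket/User classes, the group names and the visibility rules are assumptions for illustration, not Remedy's actual permission logic.

```python
from dataclasses import dataclass, field

# The two permission models discussed in the post (simplified assumptions).
COMPANY_MODEL = "company"
SUPPORT_GROUP_MODEL = "support_group"

@dataclass
class User:
    name: str
    company: str
    support_groups: frozenset      # support groups the user is a member of

@dataclass
class Ticket:
    ticket_id: str
    company: str                   # customer's company
    access_groups: frozenset       # customer, contact and owner groups on the ticket
    related: list = field(default_factory=list)   # ids of related tickets

def can_view(user: User, ticket: Ticket, model: str) -> bool:
    """Visibility rule under each model (hypothetical, not Remedy's real logic)."""
    if model == COMPANY_MODEL:
        # Anyone in the customer's company can see the ticket.
        return user.company == ticket.company
    if model == SUPPORT_GROUP_MODEL:
        # Only members of a group named on the ticket can see it.
        return bool(user.support_groups & ticket.access_groups)
    raise ValueError(f"unknown permission model: {model}")

def visible_tickets(user: User, tickets: list, model: str) -> list:
    """Sorted ids of the tickets this user may view under the given model."""
    return sorted(t.ticket_id for t in tickets if can_view(user, t, model))

def open_security_incident(original: Ticket, new_id: str, security_group: str) -> Ticket:
    """Steps 4 and 5: create a ticket restricted to the security group and relate it."""
    sec = Ticket(new_id, original.company, frozenset({security_group}), [original.ticket_id])
    original.related.append(new_id)
    return sec

# Constructed sample data following the five steps in the post.
SERVICE_DESK, SECURITY = "Service Desk", "Security Team"
# Step 2: the original ticket has been assigned to the security group.
ORIGINAL = Ticket("INC-1001", "Acme", frozenset({SERVICE_DESK, SECURITY}))
SECURITY_INC = open_security_incident(ORIGINAL, "SEC-0001", SECURITY)
TICKETS = [ORIGINAL, SECURITY_INC]
DESK_AGENT = User("desk agent", "Acme", frozenset({SERVICE_DESK}))
ANALYST = User("security analyst", "Acme", frozenset({SECURITY}))
```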