Product overview


Security Incident Handling is a line of business that is provided out of the box in BMC Helix Business Workflows. It is an end-to-end solution to create, manage, and resolve security cases. With the Security Incident Handling line of business, you can create security cases through BMC Helix Business Workflows, through the Security Incident Handling portal in BMC Helix Digital Workplace Advanced, or through BMC Helix iPaaS. Case agents resolve security cases by completing the predefined tasks in Runbooks. A Runbook provides a guideline to manage and resolve security cases.

The Security Incident Handling line of business is available by default in your development environment, and you must make it active in BMC Helix Business Workflows before you start using it. You can further enhance the capabilities of Security Incident Handling by integrating it with BMC Helix ITSM and asset management to create and relate BMC Helix ITSM tickets and relate assets from the security cases.



To access the Security Incident Handling portal

To access the Security Incident Handling portal in BMC Helix Digital Workplace Advanced, select ESM Portal > Security Incident Handling.


The following image shows the sample Human Resources portal in BMC Helix Digital Workplace Advanced:

OOB_SIH portal.png


Security incident

A security incident is a standalone event or a series of events that together indicate that an organization's systems or data might be breached, or that security measures have failed. A security incident includes any intentional or unintentional event that poses a threat to IT security.

Scenarios
  • Automatic case creation: Apex Global uses CrowdStrike as its security monitoring tool. It has integrated BMC Helix iPaaS with CrowdStrike so that security cases are automatically created in BMC Helix Business Workflows when a security event occurs in CrowdStrike. Case agents then work on resolving the security cases. If a security breach occurs on one of the company's servers, the scanning tool detects the breach, and a security case is created in BMC Helix Business Workflows through BMC Helix iPaaS.
  • Manual case creation: Bill, a security case agent in Apex Global, creates a security case when an employee reports a phishing attack.


Core capabilities of the Security Incident Handling line of business

The Security Incident Handling line of business has the following core capabilities:

  • Out-of-the-box integration with BMC Helix iPaaS to create security incidents
  • Out-of-the-box content packs for security cases
  • Different stages of a security case
  • Evidence collection and maintenance of evidence log
  • Ability to relate CIs
  • Ability to add and relate incidents and work orders from BMC Helix ITSM

Product roles

The following image shows the roles introduced in the Security Incident Handling line of business:

Roles required for the Security Incident Handling line of business




 
