How do I manage YakSafe (DLP) incidents?

This article provides an overview of how a YakSafe Administrator would investigate incidents that occur in order to resolve them.


The majority of a YakSafe administrator's time will be spent using the 'Incidents' widget, which is accessible by clicking on 'Security' from the main menu on the left.


Managing an incident and associated issues

As shown in the image above, every incident has the following information:

  • ID - The unique ID of the incident
  • Timestamp - The date and time the incident occurred
  • User - The member's profile the incident occurred on
  • Asset - Where in the system the incident occurred
  • Issues - How many unique issues occurred in the incident
  • Severity - The severity of the incident
  • Status - Incidents will be identified by three statuses as shown below:
    • Action Required: The administrator has actions pending to close out the incident(s).
    • In Progress: Shown if there are multiple issues within an incident and the administrator has actioned one or more issues with some remaining.
    • Resolved: The administrator has resolved all issues, with no further action required.


  • To investigate an incident, simply click on the 'More' dropdown next to the issue you wish to investigate. The incident details box will expand showing:
    • Key details of the incident
    • The issue or issues that were picked up by YakSafe


In the image above, there is only one issue that needs resolving. If there were more, you would need to resolve each issue individually. The incident would not be resolved until all issues have been actioned.

  • To resolve an issue, select the 'More' dropdown button next to the issue. A new dropdown box will appear with specific information relating to the issue, as shown below. It includes:
    • Location: Where the breach was picked up within the asset (in the example above, within the body text of the form).
    • Policy: Further detail about the policy and why it was picked up as a breach.
    • Status: The current status of the issue, which will be one of four statuses:
      • Withdrawn: Indicates a user entered an issue and immediately removed it. No further action required.
      • Admin Resolved: Indicates the issue has already been resolved by you.
      • False Positive: Indicates the issue was marked as a false positive by you.
      • Investigate: Indicates the issue still requires action by you.
    • User reason for ignoring: The breach has been ignored by the user; this provides the reason they entered.
    • Update History: Provides details of the original issue prior to any updates.
    • Current Answer: Shows how the breach currently looks within the user's form.

 


  • Actions: Your next step is to action the issue in order to resolve it. You have three options to select:
    • False Positive: At times YakSafe will identify incorrect incidents. Select this option if, after reviewing the text, it is determined not to be a breach. Once selected, the status will be updated to 'False Positive'. No further action is required.
    • Remove Issue: Selecting this option will automatically remove the offending item from YakTrak and update the user's asset. Select this if the team member does not need to be notified. Once selected, the status will be updated to 'Admin Resolved' and no further action is required.
    • Remove and Notify: Select this option if the text needs to be removed and the offender and the leader need to be identified. This option is particularly important if further coaching is required. Once selected, the status will be updated to 'Admin Resolved' and no further action is required.
  • Once all issues within an incident have been actioned, the incident status will change to 'Resolved'.