2

I am looking for ideas on documentation platforms focused specifically for information security and response teams. Is there anything that has worked well? What are some of the unique advantages of one platform over another (e.g. wiki vs. CMS vs. network share)? This platform will also need to have the ability to easily search through the content to find things based upon keyword as well. What has worked or not worked for you in the past? Lastly, the ability to categorize the information in some manner would likely be helpful.

Note that this will be an internally hosted site that will not be accessible from the internet. This will also be limited to the information security team and staff.

We already have a ticketing system that is used throughout all of the IT department and would like to have a separate system used for documenting processes, procedures, policy items, possibly incidents, product evals, etc. that is exclusive to the IS team.

Daniel Li
John

5 Answers

3

Ticketing platforms are normally used for this kind of thing.

Many products that perform asset management also include a ticketing function:

Tracking information is important, but so is tracking everyone's activity, relating incidents, and ensuring that incidents are closed and handled properly. For that level of management, you need a ticketing system.

schroeder
2

If you are more on the "techy" side, some of the following will help you manage security tool data:

  • Dradis: A really cool tool for taking notes and organizing data during a pen test. They also offer a professional version and support.
  • Open Source Security Assessment Management System: A tool to manage input from multiple security tools, still in early alpha / maybe abandoned
  • Armitage: A GUI frontend for Metasploit which may help manage security and pen testing on individual systems, loads in Nessus files, etc.

For general purpose needs, I would recommend using a wiki system. Semantic MediaWiki is a good choice since you can encode semantics into your information. The SMW+ distribution has some cool collaboration tools built in and offers professional support if you want to be real business like about it. Alfresco is a CMS that would be a good choice as well with a lot of features and strong commercial support. You can also set up something a little easier with a basic Drupal install as well.

Eric G
  • `OSSAMS` is [dead](http://www.vulnerabilitydatabase.com/2011/10/ossams-alpha-security-testing-automation-and-reporting/). `Dradis` could be of use. Another was `RedMine`, not sure if it's still actively used. – Shritam Bhowmick Aug 30 '15 at 07:35
1

Could you not use the IT ticketing system and use permissions to implement your requirements of exclusivity to the IS team?

Mark Beadles
1

One piece of advice from the ISO 27001 world, that might be relevant, is that if your organisation already has ISO 9001 or ISO 14001 or similar, look at what those teams are using for document management etc. and use the same thing - they will already have solved many of the problems.

Even if your organisation is not running any ISO management systems, there may be other systems outside the IT department that are worth looking at.

Graham Hill
0

RTIR is a good option for incident documentation, but Mark's answer is better. If you can't control a queue in your current system sufficiently, a one-off solution will only be more problematic.

My team generally uses the same Wiki site as our operations and network teams so it's in one place, present and backed up for emergencies, etc.

jth