US Patent 9697352 Incident response management system and method

A computer-implemented incident response management system, and corresponding method in which an incident response application is provided having a user interface; at least one central processing unit; an operating system and a database communicably coupled to said incident response application. The incident response application is configured to: receive, via said user interface, notification of a cyber or information security incident, together with data objects representative of entities related to said incident, files and/or data found during said incident, and/or observed actions and/or outcomes related to said incident; provide, via said user interface, an interactive representation of said incident, including information represented by said data objects, to selected users; receive, in the form of one or more Indicators of Compromise, data related to the detection of system compromise in connection with one or more of said data objects; and store said Indicators of Compromise in connection with a respective incident.