Incident management

From Wikipedia, the free encyclopedia


Incident Management (IcM) refers to the activities of an organization to identify, analyze and correct hazards. For instance, a fire in a factory would be a risk that was realized, or an incident that happened. An Incident Response Team (IRT) or an Incident Management Team (IMT), specifically designated for the task beforehand or on the spot, would then manage the organization through the incident.

Usually as part of the wider management process in private organizations, incident management is followed by post-incident analysis where it is determined why the incident happened despite precautions and controls. This information is then used as feedback to further develop the security policy and/or its practical implementation. In the USA, the National Incident Management System, developed by the Department of Homeland Security, integrates effective practices in emergency management into a comprehensive national framework.

Computer security incident management

A specific case of incident management is computer security incident management, which is most often handled by a Computer Security Incident Response Team (CSIRT). For example, if an organization discovers that an intruder has gained unauthorized access to a computer system, the CSIRT would analyze the situation, determine the breadth of the compromise, and take corrective action. Computer forensics is one task included in this process.

Incident Management Process, as defined by ITIL

ITIL defines an incident as "any event which is not part of the standard operation of a service and which causes, or may cause, an interruption to, or a reduction in, the quality of service." Incident management, therefore, is basically the process of restoring operations as quickly as possible with minimal adverse impact on business operations.

Incidents can be classified into three primary categories: software (applications), hardware, and service requests. (Note that service requests are not always regarded as incidents, but rather as requests for change. However, the handling of failures and the handling of service requests are similar, and both are therefore included in the definition and scope of the incident management process.)

ITIL separates incident management into six basic components:

  • Incident detection and recording
  • Classification and initial support
  • Investigation and diagnosis
  • Resolution and recovery
  • Incident closure
  • Ownership, monitoring, tracking, and communication (monitoring the progress of the resolution of the incident and keeping those who are affected by the incident up to date with the status)

