Incident management (IcM) is an area of IT Service Management (ITSM) that involves returning service to normal as quickly as possible after an incident, in a way that has little to no negative impact on the business.
In the fields of computer security and information technology, computer security incident management involves the monitoring and detection of security events on a computer or computer network and the execution of proper responses to those events.
Computer security incident management is a specialized form of incident management, the primary purpose of which is the development of a well understood and predictable response to damaging events and computer intrusions.
Incident management requires a process and a response team that follows this process. This definition of computer security incident management follows the standards and definitions described in the National Incident Management System (NIMS).
The incident coordinator manages the response to an emergency security incident. In a natural disaster or other event requiring a response from emergency services, the incident coordinator acts as a liaison to the emergency services incident manager. The activities within the incident management process include:
- Incident detection and recording
- Incident reporting and communication
- Priority classification and initial support
- Investigation and analysis
- Resolution and record
- Incident closure
- Incident ownership, monitoring, tracking and communication
- Establishment of the incident management framework
- Evaluation of the incident management framework