Incident management

Incident Management (IcM) refers to the activities of an organization to identify, analyze and correct hazards.
For instance, a fire in a factory would be a risk that was realized, or an incident that happened.
An Incident Response Team (IRT) or an Incident Management Team (IMT), specifically designated for the task beforehand or on the spot, would then manage the organization through the incident.
Usually as part of the wider management process in private organizations, incident management is followed by post-incident analysis where it is determined why the incident happened despite precautions and controls.
This information is then used as feedback to further develop the security policy and/or its practical implementation.
In the USA, the National Incident Management System, developed by the Department of Homeland Security, integrates effective practices in emergency management into a comprehensive national framework.

Computer security incident management

A specific case of incident management is computer security incident management, which is most often handled by a Computer Security Incident Response Team (CSIRT).
For example, if an organization discovers that an intruder has gained unauthorized access to a computer system, the CSIRT team would analyze the situation, determine the breadth of the compromise, and take corrective action.
Computer forensics is one task included in this process.

Incident Management Process, as defined by ITIL

ITIL defines an incident as “any event which is not part of the standard operation of a service and which causes, or may cause, an interruption to, or a reduction in, the quality of service.” Incident management, therefore, is basically the process of restoring operations as quickly as possible with minimal adverse impact on business operations.
The Incident Manager is a functional role and not a position. Incident management provides the external customer with a focal point for leadership and drive during an event by ensuring follow-up on commitments and adequate information flow.
This means presenting to the customer an entity that accepts ownership of their problem.
The objective of Incident Management during an incident is service restoration as quickly as possible.
The objective is not to make a system perfect.
If service can be restored more quickly by a temporary workaround than by correcting the underlying root cause of the issue, then that is acceptable.
After service restoration, correction of underlying root causes is done by the Problem Management team by a process called Root Cause Analysis (RCA).
An example of service restoration by temporary workaround is the one carried out on Apollo 13.
The primary focus of Incident Management is to ensure a prompt recovery of the system, supervising and directing the internal or external resources.
Prompt system recovery and minimization of any impact on the customer have priority over unreasonably long and intensive data collection for the event root cause investigation.
Incidents can be classified into three primary categories: software (applications), hardware, and service requests. (Note that service requests are not always regarded as an incident, but rather as a request for change.
However, the handling of failures and the handling of service requests are similar and therefore are included in the definition and scope of the process of incident management.)

ITIL separates incident management into six basic components:
• Incident detection and recording
• Classification and initial support
• Investigation and diagnosis
• Resolution and recovery
• Incident closure
• Ownership, monitoring, tracking, and communication (monitoring the progress of the resolution of the incident and keeping those who are affected by the incident up to date with the status)

From the ITIL point of view, the activities of Incident Management are:
• Take ownership of an incident and act as the primary level of escalation
• Provide a prompt recovery of the business within the specified Service level agreement or SLA
• Assure that the focus on the incident resolution is not taken away by other activities
• Escalate incidents: functional (the support of higher technical skills is needed to solve the problem) and hierarchical (a manager with more authority must be consulted in order to take decisions that are beyond the competencies assigned to this level)
• Send incident notifications to the customer (documents that contain detailed information)
• Set up and lead conference calls or bridge communication between all involved parties
• Track and record the timelines
• Act as an interface towards other technicians, customer technical staff and other groups within the organization.

An Incident Manager should be able to:
• understand any incident/fault on a basic level (at least) in order to use the appropriate competences (resources)
• drive the restoration team to gather sufficient information to start an analysis
• maintain a general overview of the incident (keeping the focus on the restoration via a workaround)
• understand the functionality of multiple areas (RAN, Core Network, VAS, BSS/OSS)

Incident management software systems

Incident management software systems are designed for collecting consistent, documented Incident report data.
Many of these products include features to automate the approval process of an incident report or case investigation.
Additionally, Incident report systems will automatically send notifications and assign tasks and escalations to appropriate individuals depending on the incident type, priority, time, status and custom criteria.
Modern products provide the ability for administrators to configure the Incident report forms as needed, create analysis reports and set access controls on the data right down to each field in the system.
These systems have become an essential tool for incident management for larger organizations.

External links

• National Incident Management System Consortium in the USA
• D3 – Incident Management System