Incident management

From Wikipedia, the free encyclopedia

You have new messages (last change).

For the Information Technology Management system, see Incident Management (ITSM).

Incident management refers to the activities of an organization to identify, analyze and correct problems or troubles. For instance, a fire in a factory would be a risk that realized, or an incident that happened. An Incident Response Team (IRT) or an Incident Management Team (IMT), specifically designated for the task beforehand or on the spot, would then manage the organization through the incident.

A specific case of incident management is computer incident management, which is most often handled by a computer incident response team (CIRT). E.g. when an organization discovers that an intruder has gained unauthorized access to a computer system, the CIRT team would analyze the situation, determine the breadth of the compromise, and take corrective action. Computer forensics is one task included in this process.

Usually as part of the wider management process in private organizations, incident management is followed by post-incident analysis where it is determined why the incident happened despite precautions and controls. This information is then used as feedback to further develop the security policy and/or its practical implementation.

In the USA, the National Incident Management System, developed by the Department of Homeland Security, integrates effective practices in emergency preparedness and response into a comprehensive national framework.

Retrieved from "http://en.wikipedia.org../../../i/n/c/Incident_management.html"