Wikipedia

Incident management

An incident is an event that could lead to loss of, or disruption to, an organization's operations, services or functions. Incident management (IcM) is a term describing the activities of an organization to identify, analyze, and correct hazards to prevent a future re-occurrence. These incidents within a structured organization are normally dealt with by either an incident response team (IRT), an incident management team (IMT), or Incident Command System (ICS). Without effective incident management, an incident can disrupt business operations, information security, IT systems, employees, customers, or other vital business functions.[1]

Description

An incident is an event that could lead to the loss of, or disruption to, an organization's operations, services or functions.[2] Incident management (IcM) is a term describing the activities of an organization to identify, analyze, and correct hazards to prevent a future re-occurrence. If not managed, an incident can escalate into an emergency, crisis or disaster. Incident management is therefore the process of limiting the potential disruption caused by such an event, followed by a return to business as usual. Without effective incident management, an incident can disrupt business operations, information security, IT systems, employees, customers, or other vital business functions.[1]

Physical incident management

The National Fire Protection Association describes incident management as follows: "[a]n IMS [incident management system] is 'the combination of facilities, equipment, personnel, procedures and communications operating within a common organizational structure, designed to aid in the management of resources during incidents'".[3][4]

Physical incident management is the real-time response that may last for hours, days, or longer. The United Kingdom Cabinet Office has produced the National Recovery Guidance (NRG), which is aimed at local responders as part of the implementation of the Civil Contingencies Act 2004 (CCA). It describes the response as the following: "Response encompasses the actions taken to deal with the immediate effects of an emergency. In many scenarios, it is likely to be relatively short and to last for a matter of hours or days – rapid implementation of arrangements for collaboration, coordination and communication is, therefore, vital. Response encompasses the effort to deal not only with the direct effects of the emergency itself (eg fighting fires, rescuing individuals) but also the indirect effects (eg disruption, media interest)".[5][6]

The International Organization for Standardization (ISO), which is the world's largest developer of international standards, also makes a point in the description of its risk management principles and guidelines document, ISO 31000:2009, that "Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment".[7] This again shows the importance of not just good planning but also the effective allocation of resources to treat the risk.

Computer security incident management

Today, an important role is played by a Computer Security Incident Response Team (CSIRT), due to the rise of internet crime, which is a common example of an incident faced by companies in developed nations all across the world. For example, if an organization discovers that an intruder has gained unauthorized access to a computer system, the CSIRT would analyze the situation, determine the breadth of the compromise, and take corrective action. Computer forensics is one task included in this process. Currently, over half of the world's hacking attempts on transnational corporations (TNCs) take place in North America (57%); 23% of attempts take place in Europe.[8] Having a well-rounded Computer Security Incident Response Team is integral to providing a secure environment for any organization, and is becoming a critical part of the overall design of many modern networking teams.

Roles

Incidents within a structured organization are normally dealt with by either an incident response team (IRT), or an incident management team (IMT). These are often designated beforehand or during the event and are placed in control of the organization whilst the incident is dealt with, to restore normal functions.

Usually, as part of the wider management process in private organizations, incident management is followed by post-incident analysis where it is determined why the incident happened despite precautions and controls. This analysis is normally overseen by the leaders of the organization, with the view of preventing a repetition of the incident through precautionary measures and often changes in policy. This information is then used as feedback to further develop the security policy and/or its practical implementation. In the United States, the National Incident Management System, developed by the Department of Homeland Security, integrates effective practices in emergency management into a comprehensive national framework. This often results in a higher level of contingency planning, exercise and training, as well as an evaluation of the management of the incident.[9]

Root cause analysis

Human factors

During the root cause analysis, human factors should be assessed. James Reason conducted a study into the understanding of adverse effects of human factors.[10] The study found that major incident investigations, such as Piper Alpha and the King's Cross Underground fire, made it clear that the causes of the accidents were distributed widely within and outside the organization. There are two types of events: active failure, an action that has immediate effects and is likely to cause an accident, and latent or delayed action, events that can take years to have an effect and are usually combined with triggering events that then cause the accident.

Latent failures are created as the result of decisions taken at the higher echelons of an organisation. Their damaging consequences may lie dormant for a long time, only becoming evident when they combine with local triggering factors (e.g., the spring tide, the loading difficulties at Zeebrugge harbour, etc.) to breach the system's defences. Decisions taken in the higher echelons of an organization can set in motion events that make an accident more likely; planning, scheduling, forecasting, designing, policymaking, etc., can have a slow-burning effect. The actual unsafe act that triggers an accident can be traced back through the organization and the subsequent failures can be exposed, showing the accumulation of latent failures within the system as a whole that led to the accident becoming more likely and ultimately happening. Better improvement actions can then be applied to reduce the likelihood of the event happening again.[11]

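See also

  • National Incident Management System in the United States
  • Coordinated Regional Incident Management (Netherlands) in the Netherlands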

References

  1. "What qualifies as an 'incident'?". Business Link. Archived from the original on 2011-06-15. Retrieved 2018-01-04.
  2. "Dictionary of business continuity management terms" (PDF). Business Continuity Institute. Archived from the original (PDF) on 2015-04-30. Retrieved 2015-09-03.
  3. "List of NFPA Codes and Standards". National Fire Protection Association. 2013. Retrieved 10 April 2013.
  4. "Incident Management". Ready.gov. 2012. Archived from the original on 12 April 2013. Retrieved 10 April 2013.
  5. "National Recovery Guidance". GOV.UK. 2007. Retrieved 10 April 2013.
  6. "Civil Contingencies Act 2004". legislation.gov.uk. 2012. Retrieved 10 April 2013.
  7. "ISO 31000 Risk management". International Organization for Standardization. 2009. Retrieved 13 April 2013.
  8. "Hacking Incidents 2009 Interesting Data". Roger's Security Blog. TechNet Blogs. 12 Mar 2010. Archived from the original on Sep 24, 2012. Retrieved 2012-11-17.
  9. "About the Contingency Planning and Incident Management Division". Homeland Security. Archived from the original on April 2, 2012. Retrieved 2012-11-17.
  10. Reason J (June 1995). "Understanding adverse events: human factors". Quality in Health Care. 4 (2): 80–9. doi:10.1136/qshc.4.2.80. PMC 1055294. PMID 10151618.
  11. O'Callaghan, Katherine Mary, Incident Management: Human Factors and Minimising Mean Time to Restore. Archived 2011-09-17 at the Wayback Machine. Ph.D. Thesis, Australian Catholic University, 2010.

External links

  • National Incident Management System Consortium in the United States
  • United Kingdom Government legislation, Civil Contingencies Act (CCA) 2004. (2012)
  • Federal Emergency Management Agency (FEMA). (2012)

Further reading

  • Adam Krug (2014-09-16), "Incident Management Software System Case Studies", Case Studies 1 – 34
  • Wearne S H & White-Hunt, K (2010), Managing the Urgent and Unexpected, Gower Publishing – Case studies
