Incident Management is the process of recognizing events that will affect the business, reacting appropriately to those events, and then responding to quickly resume normal corporate operations. Events can Recognize, react and re- range from public relations missteps, internal or spond to continue the external security breaches, natural or unnatural corporate mission. disasters, terrorism, unintended privacy viola- tions, unexpected financial situations and a host of other conditions that inter- rupt normal business activities. The Incident Management Support Suapnpdort process transcends the conven- Data Data LAN PC People LAN PC Process People and Process Center Center Supplies Supplies tional thinking that pigeonholes problems and solutions according DR – Disaster Recovery to their cause. Instead, it focuses DR – Disaster Recovery on the enterprise need to function BCP/BR – Contingency/Resumption BCP/BR – Contingency/Resumption well in the face of adversity regard- IRP – Incident Response Planning less of the cause. When planning is IRP – Incident Response Planning enterprise-wide and cross discip- line, then there is Incident Management.
What Makes Incident Management Different Incident Management takes an enterprise-wide, cross discipline view of an enterprise and its business objectives so that all work done to counter any threat can be made directly applicable to all other A long and wide view to threats. For example, a terrorist attack on a enhance effectiveness building with a resulting outage in information and reduce cost. systems may have much in common with a nat- ural disaster such as a flood or a local issue such as a power failure. The meas- ures taken to counter that threat can also act to counter the threat of internal sabotage by disgruntled employees. Incident Management takes a long and wide view to bring together the dis- parate elements of Incident Response, Crisis Management, Disaster Recovery Planning, Business Continuation Planning, Health and Safety Plans and other such projects into one overriding project that enhances protection with increased cost-effectiveness and a better Return on Investment (ROI).
Who is Responsible for Incident Management The conventional wisdom has been to assign responsibility for incident man- agement based on the cause and the potential impact. Therefore, natural disas- ters were within the domain of risk management while security breaches were assigned to the technologists in the Information Security department, and the legal department handled privacy breaches. This conventional wisdom increased the cost of Incident Management and prevented optimal utilization of existing corporate resources and capabilities.
firstname.lastname@example.org www.contingenz.com Incident Management: Recognize, React, Respond © Copyright 2002-2003 All rights reserved. - 2 - incident mgt overview v2.doc
ContingenZ con-TIN-gen-ZEE: A company that improves incident Corporation™ management posture by increasing effectiveness and ROI using an enterprise-wide, unified methodology. Today's connected, global and distributed enterprises have recognized that all incidents share the same need for recogni- tion, reaction and response. Incident Management re- Therefore, they have lowered sponsibility is shared costs and increased effective- across the enterprise. ness by including all incidents within a single overarching Incident Management methodology. While responsibilities for specific actions, including detailed plans and test routines still fall to the appropriate department, the overall process and plan benefits from sharing corporate re- sources.