Welcome to the SecAware blog

I spy with my beady eye ...

10 Jun 2010

Incident management processes

A blog item on Incident Management Plans caught my eye today.

"The incident management plan (IMP) is a generic and tactical component of the Business Continuity Management (BCM) Plan, offering pragmatic guidelines and responses to support immediate crisis events across a wide spectrum of risk issues as more mature and comprehensive measures are brought into play—typically meeting the needs of the first 24 to 72 hours of a crisis event."
Aside from the confusion of terms (exactly what is a 'crisis event'?), I support the author's key point about incident management spanning the gap between crisis management and continuity [and recovery] management.

In the same vein, information security incident management is but one form of incident management, which has a useful spin-off: if your organization doesn't already have a properly-thought-through process for managing information security incidents, there's a chance you might be able to tap into or plagiarise the processes used to handle other types of incident, for example health and safety incidents and perhaps even generic commercial events such as becoming a takeover target. 

Unfortunately, if your organization doesn't have those either, you're out of luck mate!  Managing information security incidents in a controlled and rational manner may be the least of your worries.


No comments:

Post a Comment