What Is Incident Management?
Incident management refers to the process an organization uses to discover, assess, address, report and document incidents. The nature of incidents can vary, but in all cases they involve potential damage to, or disruption of, an organization’s critical assets and/or operations. Without rapid mitigation, incidents can escalate to become disastrous. The goal of any incident management process is to return the business to operational normalcy, repair any damage and follow communication protocols internally and externally.
While often associated with IT/ITIL, incident management and response are needed across an entire organization. Some examples of incidents requiring a coordinated, rapid response:
- Privacy Breaches
- Natural Disasters
- At-Risk Employee Terminations
- Public Relations Crisis
- Product Recall
In all cases, there is a trigger followed by a coordinated, cross-departmental response that is handled by an Incident Response Team. Each team member is responsible for an aspect of the incident management activities as well as knowing how and when to escalate to another team or team member.
At the end of the process, there is a response assessment that reviews what happened, response performance and results. By recording and documenting each incident, the process can be improved and lessons can be learned for future incident management.
Sample Incident Response Process
Why Automate Incident Management Response?
Everyone has been part of a “fire drill” approach to handling an incident. In some cases, individuals step up and guide the response, acting as traffic cop and doing their best to both communicate and manage activities. However, even in the best situation with the best traffic cops, the response tends to be slower and less effective than it should be. In some cases, these delays and missteps can cost an organization greatly, both in terms of revenue and reputation.
Automating the process as much as possible can:
- Shorten response time and cycles
- Ensure resources are properly used and involved
- Reduce human error
- Allow the response team to focus on the task at hand
- Provide an audit trail of all response activities
- Improve communication
Having a centralized incident reporting system accessible to consistently log incidents and route them to trained personnel for the initial assessment is the first step. This alone could help ensure a rapid, more coordinated response to security incidents.
Once incidents are reported, they can be prioritized based on reported or determined severity. While all incidents are logged and analyzed, “Critical” incidents might be routed immediately to the highest-level remediation team and key executives. In addition, an alert might be sent back to the originator for immediate clarification and additional information. If a “Critical” incident has not had action taken on it within 5 minutes, it could escalate to another team, fire off more alerts, etc.
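The intake, severity-based routing and 5-minute escalation described above, as an added example that is not Integrify’s software or any customer’s system: a small Python model in which every report is logged centrally, Critical incidents are routed to a remediation team and executives with a clarification alert back to the reporter, and a periodic check escalates any Critical incident left without action past the SLA. The team names, the escalation target (`incident-commander`) and the injected clock are assumptions for the example; the page names only a highest-level remediation team, key executives and the 5-minute threshold.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Initial routing by reported severity. Team names are assumed for this
# example; the page only names a "highest-level remediation team" and
# "key executives" for Critical incidents.
ROUTING: Dict[str, List[str]] = {
    "Critical": ["remediation-team", "key-executives"],
    "High": ["response-team"],
    "Medium": ["triage"],
    "Low": ["triage"],
}
# Who a Critical incident escalates to when it sits unacknowledged (assumed name).
ESCALATION_TEAM = "incident-commander"
CRITICAL_SLA = timedelta(minutes=5)


@dataclass
class Incident:
    incident_id: str
    reporter: str
    severity: str
    reported_at: datetime
    assigned_to: List[str] = field(default_factory=list)
    acknowledged_at: Optional[datetime] = None
    escalated: bool = False
    alerts: List[str] = field(default_factory=list)   # alerts "fired off"
    audit: List[str] = field(default_factory=list)    # audit trail of all activities

    def record(self, when: datetime, event: str) -> None:
        self.audit.append(f"{when.isoformat()} {self.incident_id} {event}")


def log_incident(incident_id: str, reporter: str, severity: str, now: datetime) -> Incident:
    """Central intake: every report is logged, whatever its severity."""
    if severity not in ROUTING:
        raise ValueError(f"unknown severity {severity!r}")
    inc = Incident(incident_id, reporter, severity, now)
    inc.record(now, f"logged by {reporter} severity={severity}")
    return inc


def route(inc: Incident, now: datetime) -> Incident:
    """Assign teams by severity; Critical also alerts the originator for clarification."""
    inc.assigned_to = list(ROUTING[inc.severity])
    inc.record(now, f"routed to {', '.join(inc.assigned_to)}")
    for team in inc.assigned_to:
        inc.alerts.append(f"{team}: new {inc.severity} incident {inc.incident_id}")
    if inc.severity == "Critical":
        inc.alerts.append(f"{inc.reporter}: please confirm details of {inc.incident_id}")
    return inc


def acknowledge(inc: Incident, team: str, now: datetime) -> Incident:
    """A responder takes action on the incident; this stops the escalation clock."""
    if team not in inc.assigned_to:
        raise ValueError(f"{team} is not assigned to {inc.incident_id}")
    inc.acknowledged_at = now
    inc.record(now, f"acknowledged by {team}")
    return inc


def check_escalation(inc: Incident, now: datetime) -> bool:
    """Run periodically. Escalates a Critical incident that has had no action
    within CRITICAL_SLA: adds the escalation team and re-alerts everyone assigned.
    Returns True only on the call that performs the escalation."""
    if inc.severity != "Critical" or inc.acknowledged_at is not None or inc.escalated:
        return False
    if now - inc.reported_at < CRITICAL_SLA:
        return False
    inc.escalated = True
    inc.assigned_to.append(ESCALATION_TEAM)
    inc.record(now, f"escalated to {ESCALATION_TEAM} after {CRITICAL_SLA} without action")
    for team in inc.assigned_to:
        inc.alerts.append(f"{team}: UNACKNOWLEDGED Critical incident {inc.incident_id}")
    return True


def escalation_after(severity: str, minutes: int, acknowledged: bool = False) -> bool:
    """Constructed scenario helper: does one check at t0+minutes escalate?"""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    inc = route(log_incident("INC-T", "bob", severity, t0), t0)
    if acknowledged:
        acknowledge(inc, inc.assigned_to[0], t0 + timedelta(minutes=1))
    return check_escalation(inc, t0 + timedelta(minutes=minutes))


def simulate_unacknowledged_critical() -> Incident:
    """Constructed scenario: a Critical privacy incident that nobody picks up."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    inc = route(log_incident("INC-001", "alice", "Critical", t0), t0)
    check_escalation(inc, t0 + timedelta(minutes=3))   # inside SLA: no change
    check_escalation(inc, t0 + timedelta(minutes=5))   # SLA reached: escalate once
    check_escalation(inc, t0 + timedelta(minutes=7))   # already escalated: no repeat
    return inc


if __name__ == "__main__":
    for line in simulate_unacknowledged_critical().audit:
        print(line)
```

The `escalated` flag is what keeps a periodic check from re-paging the same people every minute; a real system would instead escalate along a chain of tiers, but the single-step version is enough to show why acknowledgement must be recorded as a distinct event from routing.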
Incident Management Response Workflow Example
Real World Incident Response Example
Our customers have built incident management systems to handle a variety of incident response needs. The example below is from a Privacy Incident system that one of our customers developed to handle potential privacy breaches. Anyone in the organization can submit an incident report and the response workflow is immediately kicked off. Note that we’re only showing part of the system here to maintain anonymity. The complexity of the process is well beyond what you see here.
How Can Integrify Help?
Integrify provides workflow management software that allows our customers to build customized, automated response processes based on any type of incident, whether it’s a cyberattack, HR issue, or any other kind of incident in need of a coordinated, rapid response. Our software is proven in the field and has been used by some of the largest companies in the world, including GlaxoSmithKline, Sony, AT&T, and BP.