Information security

Incident management

Incident management involves handling incidents (unplanned interruptions or reductions in the quality of IT services) to restore normal service operation as quickly as possible. Problem management is closely related to incident management: it focuses on addressing the root causes of incidents to prevent them from recurring.

An incident is an unplanned interruption or reduction in the quality of IT services, whereas a problem is the underlying cause of one or more incidents. For example, if a server outage causes a disruption in service, incident management would focus on restoring service as quickly as possible, while problem management would investigate the root cause of the server outage to prevent similar incidents in the future.

Related terminology

Service Desk – The service desk is a centralized point of contact for users to report incidents, request services, and seek assistance. It often plays a key role in incident management by logging and triaging incidents.

Change Management – Change management is the process of controlling changes to the IT environment in a way that minimizes disruption to services while ensuring that changes are implemented efficiently and effectively.

ITIL (Information Technology Infrastructure Library) – ITIL is a framework of best practices for IT service management, including incident management, problem management, change management, and other processes aimed at aligning IT services with the needs of the business.

Root Cause Analysis (RCA) – Root cause analysis is a systematic process for identifying the underlying causes of problems or incidents. It is often used in problem management to prevent incidents from recurring.

Continuous Improvement – Continuous improvement is an ongoing effort to improve the quality, efficiency, and effectiveness of processes and services. It is a key principle of service management and is applied to incident management, problem management, and other processes.

Service Management (SM) – A set of practices and processes for managing and delivering services, primarily IT services, to meet the needs of the business. It encompasses incident management, problem management, change management, and other processes aimed at delivering value to customers through the services.

Plan

A system for identifying incidents requires planning how to register them, how to recover from them, and how to draw conclusions about their long-term consequences (problems).

Response

Special alerts address issues or incidents identified through monitoring. To work properly, the incident response mechanism needs well-calibrated indicators; it then applies response procedures to start corrective actions. NIST: "Accepting, avoiding, mitigating, sharing, or transferring risk to organizational operations (mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation."

Problem based

Incident management is typically reactive, responding to incidents as they occur and working to resolve them in a timely manner. In contrast, problem management takes a proactive approach, seeking to identify and address potential issues before they result in incidents. By analyzing incident data and trends, problem management can identify recurring problems or systemic issues that need to be addressed to prevent future incidents. In this way, incident management becomes more effective when it is supported by problem management.

INs and OUTs (section under development)

coming in

going out

Controls to review

regulation, documentation, reports