Computer Security Incident Management - Process - Initial Incident Management Process

Initial Incident Management Process

  1. Employee, vendor, customer, partner, device or sensor reports event to Help Desk.
  2. Prior to creating the ticket, the help desk may filter the event as a false positive. Otherwise, the help desk system creates a ticket that captures the event, event source, initial event severity and event priority.
    1. The ticket system creates a unique ID for the event. IT Personnel must use the ticket to capture email, IM and other informal communication.
    2. Subsequent activities like change control, incident management reports and compliance reports must reference the ticket number.
    3. In instances where event information is “Restricted Access,” the ticket must reference the relevant documents in the secure document management system.
  3. The First Level Responder captures additional event data and performs preliminary analysis. The First Responder determines criticality of the event. At this level, it is either a Normal or an Escalation event.
    1. Normal events do not affect critical production systems or require change controls prior to the implementation of a resolution.
    2. Events that affect critical production systems or require change controls must be escalated.
    3. Organization management may request an immediate escalation without first level review – 2nd tier will create ticket.
  4. The event is ready to resolve. The resource enters the resolution and the problem category into the ticket and submits the ticket for closure.
  5. The ticket owner (employee, vendor, customer or partner) receives the resolution. They determine that the problem is resolved to their satisfaction or escalate the ticket.
  6. The escalation report is updated to show this event and the ticket is assigned a second tier resource to investigate and respond to the event.
  7. The Second Tier resource performs additional analysis and re-evaluates the criticality of the ticket. When necessary, the Second Tier resource is responsible for implementing a change control and notifying IT Management of the event.
  8. Emergency Response:
    1. Events may follow the escalation chain until it is determined that an emergency response is necessary.
    2. Top-level organization management may determine that an emergency response is necessary and invoke this process directly.

Read more about this topic:  Computer Security Incident Management, Process

Famous quotes containing the words initial, incident, management and/or process:

    Capital is a result of labor, and is used by labor to assist it in further production. Labor is the active and initial force, and labor is therefore the employer of capital.
    Henry George (1839–1897)

    Every incident connected with the breaking up of the rivers and ponds and the settling of the weather is particularly interesting to us who live in a climate of so great extremes. When the warmer days come, they who dwell near the river hear the ice crack at night with a startling whoop as loud as artillery, as if its icy fetters were rent from end to end, and within a few days see it rapidly going out. So the alligator comes out of the mud with quakings of the earth.
    Henry David Thoreau (1817–1862)

    No officer should be required or permitted to take part in the management of political organizations, caucuses, conventions, or election campaigns. Their right to vote and to express their views on public questions, either orally or through the press, is not denied, provided it does not interfere with the discharge of their official duties. No assessment for political purposes on officers or subordinates should be allowed.
    Rutherford Birchard Hayes (1822–1893)

    The American, if he has a spark of national feeling, will be humiliated by the very prospect of a foreigner’s visit to Congress—these, for the most part, illiterate hacks whose fancy vests are spotted with gravy, and whose speeches, hypocritical, unctuous, and slovenly, are spotted also with the gravy of political patronage, these persons are a reflection on the democratic process rather than of it; they expose it in its process rather than of it; they expose it in its underwear.
    Mary McCarthy (1912–1989)