Computer Security Incident Management - Process - Initial Incident Management Process

Initial Incident Management Process

  1. An employee, vendor, customer, partner, device or sensor reports an event to the Help Desk.
  2. Before a ticket is created, the help desk may filter the event out as a false positive. Otherwise, the help desk system creates a ticket that captures the event, the event source, the initial event severity and the event priority.
    1. The ticket system assigns a unique ID to the event. IT personnel must use the ticket to capture email, IM and other informal communication about the event.
    2. Subsequent activities such as change control, incident management reports and compliance reports must reference the ticket number.
    3. Where event information is “Restricted Access,” the ticket must reference the relevant documents in the secure document management system instead of recording the restricted details directly.
  3. The First Level Responder captures additional event data, performs a preliminary analysis and determines the criticality of the event. At this level an event is classified as either Normal or Escalation.
    1. Normal events neither affect critical production systems nor require change control before a resolution is implemented.
    2. Events that affect critical production systems or require change control must be escalated.
    3. Organization management may request immediate escalation without first level review; in that case the Second Tier creates the ticket.
  4. Normal events: the event is ready to resolve. The assigned resource enters the resolution and the problem category into the ticket and submits the ticket for closure.
  5. The ticket owner (employee, vendor, customer or partner) receives the resolution and either confirms that the problem is resolved to their satisfaction or escalates the ticket.
  6. Escalated events: the escalation report is updated to include the event, and the ticket is assigned to a Second Tier resource to investigate and respond to it.
  7. The Second Tier resource performs additional analysis and re-evaluates the criticality of the ticket. When necessary, the Second Tier resource is responsible for implementing a change control and notifying IT Management of the event.
  8. Emergency Response:
    1. Events may move up the escalation chain until it is determined that an emergency response is necessary.
    2. Top-level organization management may determine that an emergency response is necessary and invoke this process directly.
