Official website of the Department of Homeland Security

Note: This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Incident Management

Even the best information security infrastructure cannot guarantee that intrusions or other malicious acts will not happen. When computer security incidents occur, it is critical for an organization to have an effective means of managing and responding to them. The speed with which an organization can recognize, analyze, prevent, and respond to an incident will limit the damage done and lower the cost of recovery. This process of identifying, analyzing, and determining an organizational response to computer security incidents is called incident management.[1] The staff, resources, and infrastructure used to perform this function make up the incident management capability.

Having an effective incident management capability in place is an important part of the deployment and implementation of any software, hardware, or related business process. Organizations are beginning to realize that communication and interactions between system and software developers and staff performing incident management activities can provide insights for building better infrastructure defenses and response processes to defeat or prevent malicious and unauthorized activity and threats.

This content area defines what is meant by incident management and presents some best practices in building an incident management capability. It also takes a look at one particular component of an incident management capability, a computer security incident response team (CSIRT), and discusses its role in the systems development life cycle (SDLC).

| Title | Updated date |
| --- | --- |
| Incident Management | 2013-07-02 |
| The Role of Computer Security Incident Response Teams in the Software Development Life Cycle | 2008-08-20 |
| Defining Computer Security Incident Response Teams | 2007-01-24 |