Computer security incident management explained

In the fields of computer security and information technology, computer security incident management involves the monitoring and detection of security events on a computer or computer network, and the execution of proper responses to those events. Computer security incident management is a specialized form of incident management, the primary purpose of which is the development of a well understood and predictable response to damaging events and computer intrusions.[1]

Incident management requires a process and a response team which follows this process. In the United States, this definition of computer security incident management follows the standards and definitions described in the National Incident Management System (NIMS). The incident coordinator manages the response to an emergency security incident. In a natural disaster or other event requiring a response from emergency services, the incident coordinator would act as a liaison to the emergency services incident manager.[2]

References

  1. ISO/IEC 17799:2005(E). Information technology - Security techniques - Code of practice for information security management. ISO copyright office. 2005-06-15. pp. 90–94.
  2. NIMS - The Incident Command System. National Incident Management System. Department of Homeland Security. 2004-03-01. Retrieved 2007-04-08. Archived at https://web.archive.org/web/20070318154341/http://www.nimsonline.com/nims_3_04/incident_command_system.htm on 2007-03-18 (original link dead).