Incident is any event which is not a part of the normal operation of the service. The purpose of the process is to restore it as soon as possible. The metrics of the process includes the duration of the incidents in accordance with the SLA and the number of the reported incidents.
The National Incident Management System (NIMS) involves the gathering and analysis of the events from different sources in real time. The construction of such a system is done with the advice of the international standards for the incident management, current practices and experience gained to manage the incidents in the USA. This experience shows that the effective incident response requires a precise regulation of the activities and roles involved in the process.
The approach used by the National Incident Management System (NIMS) is based on the fact that the rules of actions are linked to the content writing about the incident, the structure and possible content of which are determined in accordance with the general classification of the incidents.
“The National Incident Management System (NIMS) provides an integrated framework that defines the roles and responsibilities of federal, state and local first responders during emergency events. NIMS was developed so responders from different jurisdictions and disciplines can work together better to respond to natural disasters and other emergencies. NIMS also provides the framework for the National Response Framework (NRF)” (Emergency Management: 2011).
The contents of the recording about the incident set the logic of interaction between the employees and departments of functional groups to be presented in the form of relevant regulations. This approach makes the processes of incident response clear and consistent; it improves the control and simplifies the changes to the regulations.
Incident Management provides a reduction/exclusion of the negative impact of violations, which is especially relevant in the financial and credit organizations and telecommunications companies. The process of incident management is linked to many other processes, such as risk management, monitoring/audit, change management, access control, and continuous control.
In other words, the incident management process is a kind of “motor” of the life cycle of any system. The main types of incidents are:
• functionality or non-functionality of the main modules of the informational systems;
• the absence of the access to the services, applications or information systems in general;
• erroneous information processing in information systems and applications;
• poorly working applications that affect the efficiency of operations;
• failures of hardware;
• the lack of access to the open Internet resources;
• incorrect operation of information systems;
• network overload.
The process of activities’ delivery includes the following steps:
calls registration;
incidents registration;
incidents categorization;
incidents priority;
incidents isolation;
incidents escalation;
incident tracking;
customers notification;
incidents salvation.
Management of the information security incidents includes the following steps:
• detection and registration of incidents - is based on the testimony of monitoring the availability of IT services, applications users, and is in the registration and processing of incidents;
• classification and prioritization of incidents – an identification of the causes of the incident, appropriate actions for its resolution, and the definition of critical incident for the company;
• escalation of incidents …