Incident Response (46274931484)

An incident is an event that could lead to loss of, or disruption to, an organization's operations, services or functions. Incident management (IcM) is a term describing the activities of an organization to identify, analyze, and correct hazards to prevent a future re-occurrence. These incidents within a structured organization are normally dealt with by either an incident response team (IRT), an incident management team (IMT), or Incident Command System (ICS). Without effective incident management, an incident can disrupt business operations, information security, IT systems, employees, customers, or other vital business functions.


Description

An incident is an event that could lead to the loss of, or disruption to, an organization's operations, services or functions. Incident management (IcM) is a term describing the activities of an organization to identify, analyze, and correct hazards to prevent a future re-occurrence. If not managed, an incident can escalate into an emergency, crisis or disaster. Incident management is therefore the process of limiting the potential disruption caused by such an event, followed by a return to business as usual. Without effective incident management, an incident can disrupt business operations, information security, IT systems, employees, customers, or other vital business functions.


Physical incident management

The National Fire Protection Association states that incident management can be described as follows: an IMS (incident management system) is "the combination of facilities, equipment, personnel, procedures and communications operating within a common organizational structure, designed to aid in the management of resources during incidents". Physical incident management is the real-time response that may last for hours, days, or longer. The United Kingdom Cabinet Office has produced the National Recovery Guidance (NRG), which is aimed at local responders as part of the implementation of the Civil Contingencies Act 2004 (CCA). It describes the response as the following: "Response encompasses the actions taken to deal with the immediate effects of an emergency. In many scenarios, it is likely to be relatively short and to last for a matter of hours or days – rapid implementation of arrangements for collaboration, coordination and communication is, therefore, vital. Response encompasses the effort to deal not only with the direct effects of the emergency itself (eg fighting fires, rescuing individuals) but also the indirect effects (eg disruption, media interest)".

The International Organization for Standardization (ISO), which is the world's largest developer of international standards, also makes a point in the description of its risk management principles and guidelines document, ISO 31000:2009, that "Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment". This again shows the importance of not just good planning but the effective allocation of resources to treat the risk.


Computer security incident management

Today, an important role is played by a Computer Security Incident Response Team (CSIRT) because of the rise of internet crime, which is a common example of an incident faced by companies in developed nations all across the world. For example, if an organization discovers that an intruder has gained unauthorized access to a computer system, the CSIRT would analyze the situation, determine the breadth of the compromise, and take corrective action. Computer forensics is one task included in this process. Currently, over half of the world's hacking attempts on transnational corporations (TNCs) take place in North America (57%). 23% of attempts take place in Europe. Having a well-rounded Computer Security Incident Response Team is integral to providing a secure environment for any organization, and is becoming a critical part of the overall design of many modern networking teams.


Roles

Incidents within a structured organization are normally dealt with by either an incident response team (IRT), or an incident management team (IMT). These are often designated beforehand or during the event and are placed in control of the organization whilst the incident is dealt with, to restore normal functions. Usually, as part of the wider management process in private organizations, incident management is followed by post-incident analysis where it is determined why the incident happened despite precautions and controls. This analysis is normally overseen by the leaders of the organization, with the view of preventing a repetition of the incident through precautionary measures and often changes in policy. This information is then used as feedback to further develop the security policy and/or its practical implementation. In the United States, the National Incident Management System, developed by the Department of Homeland Security, integrates effective practices in emergency management into a comprehensive national framework. This often results in a higher level of contingency planning, exercise and training, as well as an evaluation of the management of the incident.


Root cause analysis


Human factors

During the root cause analysis, human factors should be assessed. James Reason conducted a study into the understanding of adverse effects of human factors. The study found that major incident investigations, such as Piper Alpha and the King's Cross Underground fire, made it clear that the causes of the accidents were distributed widely within and outside the organization. There are two types of events: active failures, which are actions that have immediate effects and are likely to cause an accident, and latent or delayed actions, which are events that can take years to have an effect and are usually combined with triggering events that then cause the accident. Latent failures are created as the result of decisions taken at the higher echelons of an organisation. Their damaging consequences may lie dormant for a long time, only becoming evident when they combine with local triggering factors (e.g., the spring tide, the loading difficulties at Zeebrugge harbour, etc.) to breach the system's defences. Decisions taken in the higher echelons of an organization can set in motion events that make an accident more likely; planning, scheduling, forecasting, designing, policymaking, etc., can have a slow-burning effect. The actual unsafe act that triggers an accident can be traced back through the organization and the subsequent failures can be exposed, showing the accumulation of latent failures within the system as a whole that led to the accident becoming more likely and ultimately happening. Better improvement action can then be applied, reducing the likelihood of the event happening again. (O'Callaghan, Katherine Mary, Incident Management: Human Factors and Minimising Mean Time to Restore, Ph.D. Thesis, Australian Catholic University, 2010.)


See also

* National Incident Management System in the United States
* Coordinated Regional Incident Management (Netherlands) in the Netherlands




External links


* National Incident Management System Consortium in the United States
* United Kingdom Government legislation, Civil Contingencies Act (CCA) 2004 (2012)
* Federal Emergency Management Agency (FEMA) (2012)


Further reading

* Adam Krug (2014-09/16), Incident Management Software System Case Studies, Case Studies 1 – 34
* Wearne S H & White-Hunt, K (2010), Managing the Urgent and Unexpected, Gower Publishing – Case studies