Incident Management Capability Assessment
Abstract
Successful management of incidents that threaten an organizations computer security is a complex endeavor. Frequently an organizations primary focus is on the response aspects of security incidents, which results in its failure to manage incidents beyond simply reacting to threatening events. The capabilities presented in this document are intended to provide a baseline or benchmark of incident management practices for an organization. The incident management capabilitiesprovided in a series of statements and indicatorsdefine the actual benchmark. The capabilities explore different aspects of incident management activities for preparing or establishing an incident management function; protecting, detecting, and responding to unauthorized activity in an organizations information systems and computer networks; and sustaining the ability to provide those services. This benchmark can be used by an organization to assess its current incident management function for the purpose of process improvement. This assessment will also help assure system owners, data owners, and operators that their incident management services are being delivered with a high standard of quality and success within acceptable levels of risk.
Document Details
- Document Type
- Technical Report
- Publication Date
- Dec 01, 2018
- Accession Number
- AD1146977
Entities
People
- Audrey J. Dorofee
- Carly Huth
- Christopher J. Alberts
- David Mcintire
- Mark Zajicek
- Pennie Walters
- Robin Ruefle
- Samue Perl
Organizations
- Carnegie Mellon University