Incident Management and Response

Knowledge Center

Incident Management and Response Download (Registration Required; 664K)

Provide feedback on this document
Visit the Incident Management Knowledge Center community

Incident response is a key component of an enterprise business continuity and resilience program. The increasing number and diversity of information security threats can disrupt enterprise business activities and damage enterprise information assets. A sound risk management program can help reduce the number of incidents, but there are some incidents that can neither be anticipated nor avoided. Therefore, the enterprise needs to have an incident response capability to detect incidents quickly, contain them, mitigate impact, and restore and reconstitute services in a trusted manner. This white paper examines incident response from security, risk, privacy and assurance perspectives; identifies some key issues to be considered in an incident response program; and outlines where the COBIT 4.1 framework can be applied to the development of an effective incident response capability.

Additional incident response resources:

Endorf, Carl; Eugene Schultz; Jim Mellander; Intrusion Detection and Prevention; McGraw-Hill, USA, 2004
Grance, T.; K. Kent; B. Kim; Computer Security Incident Handling Guide: Recommendations of the National Institute of Standards and Technology, NIST Publication 800-61 rev. 1, USA, 2008
ISACA, Certified Information Security Manager (CISM) Review Manual 2012, Chapter 4, Information Security Incident Management, USA, 2012
ISACA, Cybercrime: Incident Response and Digital Forensics (out of print Nov. 2011)
ISACA, Security Incident Management Audit/Assurance Program, USA, 2009
Kabay, M.E.; CSIRT Management, USA, 2009, p. 15
Kent, K.; S. Chevalier; T. Grance; H. Dang; Guide to Integrating Forensic Techniques into Incident Response, NIST SP800-86, USA, 2006
Schultz, E.; R. Shumway; Incident Response: A Strategic Guide to Handling System and Network Security Breaches; New Riders, USA, 2002
Software Engineering Institute, CERT^® Coordination Center (CERT/CC), Carnegie Mellon University
Software Engineering Institute, CERT Coordination Center; Creating a Computer Security Incident Response Team: A Process for Getting Started, Carnegie Mellon University, 2006
Software Engineering Institute, Defining Incident Management Processes for CSIRTs: A Work in Progress, Carnegie Mellon University, USA, 2007
Sterneckert, Alan B.; Critical Incident Management, Auerbach, 2004
Symantec, Managing Security Incidents in the Enterprise, USA, 2003
United States Computer Emergency Readiness Team (US-CERT)
Vacca, John; K. Rudolph; System Forensics, Investigation and Response
West-Brown, Moira J.; Don Stikvoort; Klaus-Peter Kossakowski; Georgia Killcrece; Robin Ruefle; Mark Zajicek; Handbook for Computer Security Incident Response Teams, US-CERT: 2003-04-01, Carnegie Mellon University, USA, 2003


What is CISA	What is CISM	What is CGEIT	What is CRISC
Benefits of CISA	Benefits of CISM	Benefits of CGEIT	Benefits of CRISC
How to Become Certified	How to Become Certified	How to Become Certified	How to Become Certified
Register for the Exam	Register for the Exam	Register for the Exam	Register for the Exam
Prepare for the Exam	Prepare for the Exam	Prepare for the Exam	Prepare for the Exam
Taking the Exam	Taking the Exam	Taking the Exam	Taking the Exam
Apply for Certification	Apply for Certification	Apply for Certification	Apply for Certification
Maintain Your CISA	Maintain Your CISM	Maintain Your CGEIT	Maintain Your CRISC

World Congress: INSIGHTS	Training Week	Webinars
North America CACS	eLearning Campus	Virtual Conferences
EuroCACS / ISRM	On-Site Training
Governance, Risk and Control	Exam Review Courses	COBIT EDUCATION
North America ISRM
Latin America CACS / ISRM
Oceania CACS
Asia-Pacific CACS / ISRM


COBIT 5 Home
Product Family
Training & Accreditation
Licensing
Join the Conversation
News
Recognition
FAQs

ISACA: Serving IT Governance Professionals

Incident Management and Response

Quick Links