Incident Management - AKIMS - FDP - 23 - 11 - 2022


Incident Management
Walkthrough
✓ Scenario
✓ Understanding : Incident Management
✓ Goals and Objectives
✓ Significance of Incident Management
✓ Incident Management life cycle
✓ Terminology Required
✓ Incident Management : Activities
✓ Incident Management : States
✓ Example
✓ Incident Blockers
✓ Incident Management KPIs
✓ Knowledge Check
✓ Q-A
Scenario
• Mukesh is a new joinee at ABC Corps. During the Russia-Ukraine warfare KB release, a few malicious IPs were published, and management asked for these IPs to be blocked on the necessary tools. However, Mukesh mistakenly blocked a private IP at the perimeter FW. As a result, production was severely impacted and stopped for about an hour. The event was later investigated by one of the senior specialists and handled with due care and diligence.
• The Incident Manager has asked Mukesh to prepare an Incident Response Document.
Incident management is the process of identifying,
analyzing, and solving any organizational mishaps or hazards
to prevent them from happening again.
Objectives and Goals
Objective: Restore normal service operation within SLA limits ASAP. Minimize the adverse impact on business operations.
Goal:
• Restore the services as quickly as possible
• Minimum disruption to users' work
• Management of an incident during its entire lifecycle
• Support of operational activities
Significance of Incident Management
• Reduced business impact of incidents by timely resolution
• Proactive identification of possible enhancement
• Improved monitoring
• Better staff utilization
• Elimination of lost incidents and service requests
• Better and accurate CMDB information
• Better user and customer satisfaction
Incident Management Life cycle
Good to know these terminologies
• Incident Response Planning (IRP)
• Incident Management Flow (IMF)
• Root Cause Analysis (RCA)
• Incident Response Chronology (IRC)
• Service Level Agreement (SLA)
• Business Continuity Plan (BCP)
• Change Approval Board (CAB)
• Configuration Management Database (CMDB)
• Governance – Regulation and Compliance (GRC)


Incident Management : Activities
Incident states
Example
Incident Detailing
Incident classification
Priority Cross tab
Escalation

• Escalation Trigger
• Escalation Measures
• Escalation Level
• Escalation Focal
Types of Escalation
Input vs Output

Input:
• Incident reports from Service Desk and Monitoring
• Information about users, system configuration, service levels
• Information about solution, tested workarounds
• Information about changes performed

Output:
• Requests for change to change management
• Information about incidents or problems to problems management
• Solved and closed incidents
• Information to the user
• Reports to management
Blockers
• Least staff commitment
• Lack of clarity of business needs
• Discrepancies in customer requirement and service provider (badly defined service goals)
• The quality of the configuration database
• No integration with other process
KPIs
• Total number of incidents
• Average time to restore services from point of first call (*RPO, RTO concept in brief)
• Number of escalations by service desk
• Correctly escalated vs incorrectly escalated
• Number of incidents bypassing service desk
• Number of incidents re-opened
Incident Focal and RnR

• Incident Manager
• Incident Analyst (L1/L2)
• SME
Question 1 :

Incident Management document / IMF is a …… type of control document

A. Preventive and Corrective control document
B. Preventive control document only
C. Deterrent control document
D. Fault measure control document
Question 2 :

A document that contains a description of any event that has happened, which requires further investigation, is called a _________ .

A. Test Summary Report
B. Defect Report
C. Bug Report
D. Incident Report
Question 3 :

Priority = ?

A. Threat x Vulnerability
B. Urgency x Impact
C. Impact + Urgency
D. RTO + RPO
OPEN FORUM FOR Q - A

Pramod Kadam
Sr. Information Security Analyst
RNT Technologies

THANK YOU
