
Version 4.1 - 7.9 Incident Response Framework

The ITIL material covers Change Management, Risk Management and Incident Management thoroughly. Incident management has been touched on in the previous sections.

An "incident" is either an unauthorized change, a change that exceeds the change window, or an event that creates some type of service outage or degradation. Normally, you would see Incident Management and Change Management implemented in the same software. The benefit of this is that you can link any change that causes an incident, or resolves one, to that incident. This gives you feedback and statistics that may point to changes that pose a greater risk than previously thought (for whatever reason).

Small incidents (low impact) may just be fixed or generate a scheduled change. Larger incidents (greater impact) are normally reviewed using a "Corrective Actions Report" or "Root Cause Analysis" report. Such a report is a way to document "lessons learned" and identify improvements to process or other safeguards that prevent or minimize outages in the future.

If you're not intimately familiar with these subjects (risk, change and incident management), you should pick up a book on ITIL certification. There are a lot of places that offer this training - and if your workplace ever gets slots for this, volunteer for it. Depending on the instructor, the classes can be dry, but the information is invaluable.

