Incident Management

Record and manage the security incident lifecycle in one place

  • Episodes: 6
  • Duration: 6m 54s
  • Languages: EN
Episode 4

Identifying Incidents

Methods used to identify Incidents

Introduction

There are many different methods to identify Incidents. In this episode, we will share eramba's approach.

Types

In eramba, we distinguish between Events and Incidents.

  • An event is basically anything that calls our attention because it is an odd or unknown pattern of activity that affects our organisation. An event is not necessarily a bad thing. For example, a fire alarm triggered because someone was doing maintenance in the kitchen.
  • An event can become an incident when it becomes clear that it affects the organisation in a negative way. For example, a fire alarm was triggered because someone was grilling in a shared space in the office.

When you manage Incidents/Events in eramba, you can switch the type at any point in time. This is important because initial conclusions often change during an investigation.

Process

We like keeping things simple. The process described below is a very simple incident management process that any organisation can implement.

  • When an event is detected (whatever its source), you can create it in eramba.
  • If the event relates to a known Risk, you can use the containment procedure for that Risk to guide your response.
  • Complete and document your incident stages.
  • Close the Event when all stages are completed.

Throughout the process (but not after the item is closed) you might change your opinion about the type of problem you are dealing with, which means that you will switch from Event to Incident and vice versa.

What work must be done in the "stage" lifecycle is entirely up to you and does not affect this process.