Information Security Incident Management Tutorial

4.1 Welcome

Hello and welcome to the Information Security Incident Management domain of the Certified Information Security Manager (CISM®) Course offered by Simplilearn. Let us explore the objectives of this domain in the next screen.

4.2 Objectives

After completing this domain, you will be able to:
• Discuss incident management overview
• Describe incident response procedures
• Detail incident management in an organization
• List incident management resources
• Define incident management metrics and indicators
• Detail incident management procedures
• Explain the current state of incident response capability
• Describe incident response plan
• Understand business continuity and disaster recovery procedures
• Detail incident response and business continuity/disaster recovery plans testing
• List post incident activities and investigation

We will look at the task statements in the next screen.

4.3 Task Statements

There are ten task statements that a CISM candidate must know. They are:
• Establish and monitor organizational definition and severity hierarchy
• Establish and monitor an incident response plan
• Develop and implement processes
• Establish and maintain processes
• Establish and maintain incident escalation and notification processes

We will continue looking at task statements in the next screen.

4.4 Task Statements

Some of the other task statements are:
• Establish and monitor a program for information security awareness and training
• Integrate information security requirements into organizational processes
• Integrate information security requirements into agreements involving third parties
• Monitor periodical program management reports and operational metrics

Let us attempt a quick recall question in the next screen.

4.5 Knowledge Check

This question will help you to recall the concepts you learned. Let us now look at the knowledge statements in the next screen.

4.6 Knowledge Statements

Knowledge statements form the basis for achieving the task statements and are tested in the CISM exam. The knowledge statements that a CISM candidate must know are:
• Knowledge of the components of an incident response plan
• Knowledge of incident management concepts and practices
• Knowledge of business continuity planning (BCP) and disaster recovery planning (DRP) and their relationship to the incident response plan
• Knowledge of incident classification methods
• Knowledge of damage containment methods

We will look at other knowledge statements in the next screen.

4.7 Knowledge Statements (contd.)

Some more knowledge statements are:
• Knowledge of notification and escalation processes
• Knowledge of the roles and responsibilities to identify and manage information security incidents
• Knowledge of equipment and tools, and their sources, required to adequately equip incident response teams
• Knowledge of forensic requirements to collect, preserve, and present evidence
• Knowledge of internal and external incident reporting requirements and procedures

We will look at some other knowledge statements in the next screen.

4.8 Knowledge Statements (contd.)

Some other knowledge statements are:
• Knowledge of investigative methods for identifying root causes and determining corrective actions after an incident
• Knowledge of methods for quantifying damages, costs, and other business impacts occurring due to information security incidents
• Knowledge of technologies and processes for detecting, logging, and analyzing information security events
• Knowledge of the availability of internal and external resources to investigate information security incidents

We will take a look at incident management overview in the next screen.

4.9 Incident Management Overview

Do you know what an incident means? An incident is an adverse event that has already caused damage or has the potential to cause damage. An incident can impact the assets, reputation, and personnel of the organization. Incident management is a time specific process, within an organization, of developing and maintaining the capability to:
• Detect incidents as soon as they occur, as well as diagnose them
• Manage incidents
• Lessen impacts, for example by encrypting the hard drives of laptops so that the information is useless when a laptop is stolen
• Achieve recovery from impacts
• Carry out a root cause analysis that can be used to improve processes to prevent recurrence
• Document the incident

Let us attempt a quick recall question in the next screen.

4.10 Knowledge Check

This question will help you to recall the concepts you learned. We will look at incident response procedures in the next screen.

4.11 Incident Response

What does incident response mean? Incident response is the capability to:
• Effectively prepare for and respond to unanticipated events
• Control and limit damage
• Restore normal operations

We will continue learning about incident response in the next screen.

4.12 Incident Response (contd.)

Do you know the importance of incident response? The importance of incident management has been rising over the years because of:
• Increased occurrences and losses from information security incidents
• Vulnerabilities in software
• Inadequate security controls that do not prevent security incidents
• Legal and regulatory requirements
• More sophisticated attackers with a profit motive

Let us learn about incident response procedures in the next screen.

4.13 Incident Response Procedures

Adverse breaches such as power outages, fires, and natural disasters can disrupt IT and business operations despite the best possible controls. Achieving adequate levels of information security, at a reasonable cost, requires the management to be:
• Thorough
• Efficient
• Effective

We will continue looking at incident response procedures in the next screen.

4.14 Incident Response Procedures (contd.)

For information security to be able to provide critical support, incident response procedures should be properly:
• Designed
• Implemented
• Managed

Let us attempt a quick recall question in the next screen.

4.15 Knowledge Check

This question will help you to recall the concepts you learned. We will look at outcomes of incident management in the next screen.

4.16 Incident Management Outcomes

Let’s look at the outcomes of incident management. They are:
• Information assets are adequately protected
• Incidents are identified and contained within acceptable limits
• Effective incident response plans are in place
• Root cause is addressed for recovery within an acceptable interruption window
• Communication flows to stakeholders and external parties
• Documentation and increased security awareness
• Assurance to internal and external stakeholders regarding the controls in place to ensure the organization can survive

We will look at incident management concepts in the next screen.

4.17 Incident Management Concepts

What does incident management mean? Carnegie Mellon University Software Engineering Institute defines incident handling as a service that involves all the processes or tasks associated with handling events and incidents. Incident handling involves multiple functions, such as detection and reporting, triage, analysis, and incident response.
• Detection and reporting is the function for detecting event information, incident reports, and alerts and reporting them
• Triage is the function for categorizing, prioritizing, and assigning events and incidents
• Analysis is the function for determining the nature and impact of the damage and adherence to mitigation steps
• Incident response is the function for resolving the incident, disseminating information, and implementing strategies to prevent recurring incidents

Let us attempt a quick recall question in the next screen.

4.18 Knowledge Check

This question will help you to recall the concepts you learned. We will look at incident management systems in the next screen.

4.19 Incident Management Systems

Do you know the role of an incident management system? An incident management system automates many manual processes, barring the incident indication process. It is used by an incident management team and can be used to track an incident during its life cycle. There are two types of incident management systems:
• A centralized management system, such as a security information and event manager
• A distributed management system, which contains multiple incident response capabilities

Examples of distributed management systems include network incident detection systems and host intrusion detection systems.

A few questions will be presented in the following screens.

4.20 Incident Management System

Let’s learn more about the incident management system. To manage and respond to security incidents, the information security manager must:
• Plan for the inevitable range of likely incidents that can disrupt the organization's business operations
• Ensure appropriate availability of incident management and response capabilities
• Understand the various activities involved in a response and recovery program
• Establish the incident management team and document its responsibility

We will look at the specific responsibilities of the information security manager.

4.21 Incident Management Responsibilities

In addition to managing and responding to security incidents, the information security manager has some specific responsibilities to handle. The information security manager needs to define the various constituents of incident events, which include:
• Malicious code attacks
• Unauthorized access to IT or IS resources
• Unauthorized utilization of services
• Unauthorized changes to systems, network devices, or information
• Denial of service
• Misuse
• Surveillance and espionage
• Hoaxes or social engineering

Let us understand senior management commitment in the next screen.

4.22 Senior Management Commitment

Do you know the criteria required to approve incident management and response? Senior management is critical to the success of incident management and response. For senior management to approve incident management and response:
• A business case must be provided that ensures that incident management is effective in responding to threats facing the company
• In addition, incident management should tie in with business objectives
• As incident management and response is a component of risk management, it requires similar support from senior management

A few questions will be presented in the following screens.

4.23 Incident Management Resources

Let’s now learn about incident management resources. Resources available in an organization must be identified and utilized in the development of an incident management and response plan. The information security manager must be informed about the resources to combat incidents effectively.
• The incident response plan must be backed by well-defined policies, standards, and procedures
• The information security manager must be able to relate incidents with information security principles, which include confidentiality, availability, authentication, integrity, access control, nonrepudiation, and privacy
• An incident response team must comprise the information security manager, steering committee, dedicated team members, and so on
• The roles and responsibilities for incident response team personnel must be well defined. The team members must also be equipped with personal skills, such as communication, integrity, and time management, and with technical skills, such as incident handling skills
• Staff must be made aware of and trained on how to respond to incidents
• Audits should be performed to verify compliance with policies

Let us look at the outcomes of incident management in the next screen.

4.24 Outcomes of Incident Management

Incident management:
• Is a term that includes incident response
• Encompasses a variety of activities, including proactive efforts to limit or prevent incidents

Incident response is the reactive element in the event of an incident. Let us look at some more outcomes of incident management in the next screen.

4.25 Outcomes of Incident Management (contd.)

An organization that has good incident management and response:
• Can deal effectively with unanticipated events
• Has sufficient detection and monitoring capabilities
• Has well defined severity and declaration criteria as well as defined escalation and notification processes
• Has trained personnel in the recognition of incidents, application of severity, and proper reporting and escalation procedures
• Has response capabilities that support the business strategy
• Proactively manages risks of incidents appropriately
• Periodically tests its capabilities
• Provides monitoring and metrics to gauge performance of incident management and response capabilities

Let us learn about the incident response team in the following screen.

4.26 Incident Response Team

The Incident Response Team (IRT) in an organization comprises Central IRT, Distributed IRT, Coordinating IRT, and Outsourced IRT. Their responsibilities are as follows:
• Central IRT handles all incidents for the organization
• Distributed IRT is distributed among several teams, each for a logical or physical segment of the infrastructure. It is usually applicable for a large organization or an organization that is geographically dispersed
• Coordinating IRT may coordinate or support incident response for incidents. It coordinates on guidance, developing policies and standards, providing training, conducting exercises, and coordinating support responses
• Outsourced IRT is a partially or fully outsourced team that responds to incidents

We will attempt a quick recall question in the next screen.

4.27 Knowledge Check

This question will help you to recall the concepts you learned. Let us look at the various roles and responsibilities in incident management in the next screen.

4.28 Roles and Responsibilities

What are the roles and responsibilities of incident management? The following are the various positions of the incident response team together with their roles and responsibilities:
• The security steering group (SSG) is the highest structure of an organization’s functions related to information security. Its major responsibilities include taking responsibility for the overall incident management and response concept, approving the incident management team charter, approving exceptions or deviations, and making the final decisions
• The information security manager is the incident management team leader and is the main interface to the SSG. The major responsibilities of the information security manager include developing and maintaining incident management and response capability, effectively managing risk and incidents, and performing proactive and reactive measures to control the information risk level

Let us continue learning about more roles and responsibilities in the next screen.

4.29 Roles and Responsibilities (contd.)

Some more roles and responsibilities of incident management are:
• The incident response manager, who is also the incident response team leader, supervises incident response tasks, coordinates resources to effectively perform the tasks, takes responsibility for successful execution of the incident response plan, and finally presents the incident response report and lessons learned to SSG members.
• The incident handler, who is an incident management or response team member, performs incident response tasks to contain exposures from an incident, documents steps taken when executing the incident response plan, maintains chain of custody and observes incident handling procedures for court purposes, and writes the incident response report and lessons learned.

Let us continue learning about more roles and responsibilities in the next screen.

4.30 Roles and Responsibilities (contd.)

Some other roles and responsibilities of incident management include:
• The IT security specialist, who is an incident management or response team member or a subject matter expert in IT security, has the responsibility to perform complex and in-depth IT security-related tasks as part of the incident response plan. The specialist also performs IT security assessments or audits as a proactive measure and as part of vulnerability management
• The investigator, who is also an incident management or response team member, performs investigative tasks for a specific incident, finds the root cause of an incident, and writes a report of investigation findings
• The business managers are the business function owners and also the information assets or system owners. Their main responsibilities are to make decisions, based on incident management or response team recommendations, on matters related to information assets or systems when an incident happens, and to provide a clear understanding of business impact in the BIA process or in the incident response plan

Let us attempt a quick recall question in the next screen.

4.31 Knowledge Check

This question will help you to recall the concepts you learned. Let us continue learning more roles and responsibilities in the next screen.

4.32 Roles and Responsibilities (contd.)

There are some more roles and responsibilities of incident management. They are:
• The IT specialists or representatives are the subject matter experts in IT services. Their responsibilities are to provide support to the incident management or response team when resolving incidents and to maintain information systems in a good condition per company policy and best practices
• The legal representatives are the subject matter experts in legal matters. They provide assistance in incident management/response when there is a legal suit
• The risk management specialists are the subject matter experts in the risk area. Their major responsibility is to work closely with business managers and senior management to determine and manage risk and also to provide input, such as business impact assessment or risk management strategy, to incident management

Let us continue learning about some more roles and responsibilities in the next screen.

4.33 Roles and Responsibilities (contd.)

Some other roles and responsibilities of incident management are:
• HR is the subject matter expert in the HR area. The main responsibility of HR is to provide assistance in incident management or response when there is a need to investigate an employee suspected of causing an incident, and also to integrate HR policy to support incident management or response (sanctions for employees found to violate the acceptable use policy or to be involved in an incident)
• The public relations executive is the subject matter expert in PR. The responsibilities of a public relations executive include providing controlled communication to internal and external stakeholders to minimize any adverse impact on ongoing incident response activities, protecting the organization’s brand and reputation, and also providing assistance to the incident management or response team in communication issues, thus helping the team to work on the critical issues of resolving an incident

In the next screen we will look at skills required for an IRT.

4.34 Skills for IRT

To build an IRT with capable incident handlers, organizations need people with certain skill sets and technical expertise. Basic skills that IRT members must have include:
• Integrity, as the teams deal with sensitive information, and understanding their limitations
• Presentation skills and communicating the critical components effectively to the management
• Team skills while working with others and leadership skills in directing other users
• Ability to follow policies and procedures
• Stress and time management skills
• Problem solving skills

A few questions will be presented in the following screens.

4.35 Incident Management Objectives

Let’s now look at the objectives of incident management. The objectives of incident management are to handle incidents, to prevent previous incidents from recurring, and to deploy proactive countermeasures.
• Handle incidents when they occur so that the exposure can be contained or eradicated to enable recovery
• Prevent previous incidents from recurring by documenting and learning from past incidents
• Deploy proactive countermeasures to prevent or minimize the probability of incidents taking place

In the next screen we will look at the desired state of incident management.

4.36 Desired State of Incident Management

After learning about the objectives of incident management, let’s now understand what incident management and response will need. Incident management and response will need:
• A wide variety of possible unexpected events addressed
• Well-developed monitoring capabilities for key controls
• Personnel trained in assessing the situation, capable of providing training, and managing effective responses
• Managers who have made provisions to capture all relevant information and apply previously learned lessons
• Managers who know when a disaster is imminent and have well-defined criteria, experience, knowledge, and the authority to invoke the necessary disaster recovery processes

Let us attempt a quick recall question in the next screen.

4.37 Incident Management Metrics and Indicators

Incident management metrics, measures, and indicators are the criteria used to measure the effectiveness and efficiency of the incident management function. Common criteria that are used as part of incident management metrics include:
• Total number of reported incidents
• Total number of detected incidents
• Average time to respond to an incident relative to the acceptable interruption window (AIW)
• Average time to resolve an incident

Let us continue with the incident management metrics in the next screen.

4.38 Incident Management Metrics and Indicators (contd.)

The other incident management metrics are:
• Proactive and preventive measures taken
• Total number of employees given security awareness training
• Total damage from reported and detected incidents if incident response was not performed
• Total savings from potential damages from incidents resolved

We will look at strategic alignment in the next screen.
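The four criteria listed in 4.37 can be computed directly from incident records. The following Python code is an added example, not part of the original course material; the record fields, the split between reported and detected incidents by a `source` value, and the per-incident AIW are assumptions, and the sample incidents are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean
from typing import Optional


@dataclass
class Incident:
    """One incident record. Field names are assumptions made for this example."""
    ident: str
    source: str                    # "reported" (raised by a person) or "detected" (raised by monitoring)
    opened: datetime               # when the incident was reported or detected
    responded: Optional[datetime]  # first response action; None if nobody has responded yet
    resolved: Optional[datetime]   # None while the incident is still open
    aiw: timedelta                 # acceptable interruption window of the affected process


def _avg(values):
    """Mean of a list, or None when there is nothing to average."""
    return mean(values) if values else None


def _hours(delta):
    return delta.total_seconds() / 3600


def incident_metrics(incidents):
    """Compute the 4.37 criteria; open incidents are excluded from the averages."""
    responded = [i for i in incidents if i.responded is not None]
    resolved = [i for i in incidents if i.resolved is not None]
    return {
        "reported": sum(1 for i in incidents if i.source == "reported"),
        "detected": sum(1 for i in incidents if i.source == "detected"),
        "avg_respond_hours": _avg([_hours(i.responded - i.opened) for i in responded]),
        # Response time as a fraction of the AIW: 1.0 means the whole window was used up.
        "avg_respond_vs_aiw": _avg([(i.responded - i.opened) / i.aiw for i in responded]),
        "avg_resolve_hours": _avg([_hours(i.resolved - i.opened) for i in resolved]),
        "response_exceeded_aiw": [i.ident for i in responded
                                  if i.responded - i.opened > i.aiw],
        "still_open": [i.ident for i in incidents if i.resolved is None],
    }


# Constructed sample data, not taken from any real incident log.
SAMPLE_INCIDENTS = [
    Incident("INC-1", "reported", datetime(2024, 3, 1, 9, 0),
             datetime(2024, 3, 1, 9, 30), datetime(2024, 3, 1, 13, 0), timedelta(hours=4)),
    Incident("INC-2", "detected", datetime(2024, 3, 2, 22, 0),
             datetime(2024, 3, 3, 1, 0), datetime(2024, 3, 3, 10, 0), timedelta(hours=2)),
    Incident("INC-3", "detected", datetime(2024, 3, 5, 8, 0),
             datetime(2024, 3, 5, 8, 15), datetime(2024, 3, 5, 9, 0), timedelta(hours=1)),
    Incident("INC-4", "reported", datetime(2024, 3, 6, 14, 0),
             datetime(2024, 3, 6, 15, 0), None, timedelta(hours=8)),
]

if __name__ == "__main__":
    for name, value in incident_metrics(SAMPLE_INCIDENTS).items():
        print(f"{name}: {value}")
```

Reporting the response time as a fraction of the AIW makes incidents on processes with very different tolerances comparable, and the list of incidents whose response exceeded the AIW shows what an average alone would hide.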

4.39 Knowledge Check

This question will help you to recall the concepts you learned. In the next screen we will look at strategic alignment.

4.40 Strategic Alignment

Incident management must be aligned with an organization’s strategic plan, for instance constituency, mission, services, organizational structure, resources, funding, and management buy-in.
• Constituency specifies to whom the incident management team provides services
• Mission defines the purpose and primary objectives of the incident management team
• Services provided by the incident management team must be clearly defined to manage stakeholder expectations
• Organizational structure must be effectively supported by incident management
• Sufficient staffing is needed for incident management to be effective
• Sufficient funding is required to ensure the continuity of critical incident response services
• Senior management buy-in is essential for establishing and supporting the incident management function

Let us attempt a quick recall question in the next screen.

4.41 Knowledge Check

This question will help you to recall the concepts you learned. We will look at risk management and process assurance integration in the next screen.

4.42 Risk Management and Assurance Integration

After learning about the importance of strategic alignment in incident management, let’s learn about the outcomes of successful risk management and assurance integration. Successful outcomes of risk management include effective incident management and response capabilities. Any risk that materializes and is not prevented by controls will constitute an incident. It must be managed so that it will not escalate into a disaster. The type and nature of incidents may require the involvement of a number of other organizational assurance functions. These may include physical security, legal, HR, and audit, among others. The information security manager must incorporate and integrate the requirements, responsibilities, and activities of other functions in the incident management and response plan. This includes linkages with other functions to be tested under realistic conditions. Let’s look at value delivery and resource management in the next screen.

4.43 Value Delivery and Resource Management

What precautions should incident management take to deliver value? Incident management capabilities must be closely integrated with business functions. To deliver value, incident management should:
• Integrate with business processes and structures as seamlessly as possible
• Improve the capability of businesses to manage risk and provide assurance to stakeholders
• Integrate with Business Continuity Planning (BCP)
• Become part of an organization’s overall strategy and effort to protect and secure critical business functions and assets
• Provide the backstop and optimize risk management efforts

Incident management and response consume resources to achieve optimal effectiveness and address important priorities first. Let us attempt a quick recall question in the next screen.

4.44 Knowledge Check

This question will help you to recall the concepts you learned. Let us look at performance management in the next screen.

4.45 Performance Management

What is the focus of performance measurements? Performance measurements for incident management and response focus on achieving the defined objectives and optimizing effectiveness. On the other hand, Key Performance Indicators (KPIs) and Key Goal Indicators (KGIs) should be defined and agreed upon by stakeholders and ratified by senior management. In the next screen we will look at incident management procedures.

4.46 Defining Incident Management Procedures

Let’s learn the characteristics of incident management procedures. The characteristics of incident management procedures are:
• There is no single, fixed, one-size-fits-all set of incident management procedures
• Incident management procedures consist of a number of good practices that most organizations adopt
• The commonly adopted approaches are from Carnegie Mellon University Software Engineering Institute (CMU/SEI) and the SANS Institute

In the following screen we will look at the detailed plan of action for incident management.

4.47 Detailed Plan of Action for Incident Management

What does the CMU/SEI report mean? The CMU/SEI report on defining incident management processes contains processes such as prepare, protect infrastructure, detect events, triage, and response.
• The first step is the preparation work that has to take place before an organization can respond to incidents. This involves coordinating planning and design, and identifying incident management requirements
• Protecting infrastructure aims to protect and secure critical data and computing infrastructure and its constituency when responding to changes
• Detecting events identifies unusual or suspicious activity that might compromise critical business functions or infrastructure
• Triage is a process of sorting, categorizing, correlating, prioritizing, and assigning incoming reports and/or events
• Responding to incidents includes the steps taken to resolve incidents. The response can be technical, managerial, or legal

Let us attempt a quick recall question in the next screen.

4.48 Knowledge Check

This question will help you to recall the concepts you learned. In the next screen we look at the current state of incident response capability.

4.49 Current State of Incident Response Capability

Most organizations have some sort of incident response capability, which can be either ad hoc or formal. The information security manager must identify the current state of incident response capability. Past incidents, both internal and external, provide valuable information on trends, types, and business impacts. The methods to identify the current state are:
• Surveys and focus group discussions with senior management, business managers, and IT representatives
• Self-assessment conducted by the incident management team
• External assessment or audit that will combine interviews, simulation, and surveys

In the next screen we will learn about threats and vulnerabilities.

4.50 Threats and Vulnerabilities

What are threats and vulnerabilities? Threats are any adverse events that may cause harm to an organization’s assets, operations, or personnel. Threats can be environmental, such as natural disasters like floods; technical, such as electrical failure; or man-made, such as political instability. Threat management involves the identification, response, and monitoring of any possible dangers. Vulnerabilities, on the other hand, are weaknesses in a system, technology, process, people, or control that can be exploited and result in exposure. Vulnerabilities can be hardware-based, such as humidity or dust; software-based, such as missing audit trails; or network-based, such as having insecure protocols. Vulnerability management is part of the incident management capability; it is the proactive identification, monitoring, and fixing of any weaknesses.

A few questions will be presented in the following screens.

4.51 Developing an Incident Response Plan

What does incident response plan mean? An incident response plan is the operational component of incident management. It details the actions, personnel, and activities that take place in the case of adverse events resulting in the loss of information systems or processes. We will continue looking at developing an incident response plan in the next screen.

4.52 Developing an Incident Response Plan

Let’s look at the guidelines for incident handling. Schultz, Brown, and Longstaff proposed a model for incident handling in a University of California technical report, “Responding to Computer Security Incidents.” The guidelines in the report present six phases of incident response. They are preparation, identification, containment, eradication, recovery, and lessons learned.
• The first phase is preparation, where an organization plans for an incident response
• The second phase is identification of any incident that has happened
• In the third phase, the incident management team contains an incident after it has happened
• After the incident has been contained, the fourth phase involves eradicating the incident through finding out the root cause of the issue
• In the fifth phase, the systems affected are recovered and restored to the stage specified by the service delivery objective
• In the sixth and final phase, a report should always be prepared after the incident to document the lessons learned

Let us attempt a quick recall question in the next screen.

4.53 Knowledge Check

This question will help you to recall the concepts you learned. We will look at elements of gap analysis, which is used as a basis for developing an incident response plan in the next screen.

4.54 Gap Analysis

After learning about the guidelines for incident handling, let’s now understand the role of gap analysis. Gap analysis provides information on the gap between current incident response capabilities and the desired level. By comparing the two levels, the following may be identified:
• Processes that need to be improved to be more efficient and effective
• Resources needed to achieve the objectives for the incident response capabilities

The gap identified can therefore be used in developing the incident response plan. We will look at business impact assessment in the next screen.

4.55 Business Impact Assessment

What is the purpose of Business Impact Assessment (BIA)? The purpose of BIA is to create a report that helps stakeholders understand what impact an incident would have on the business. Critical results of a BIA include:
• Prioritization of the business units that are critical, and the impact of the incident on them
• An estimate of the level of downtime that the organization can tolerate and still be viable, through measures such as maximum tolerable outage and maximum tolerable downtime, and
• Identification of resource requirements for critical processes

BIA should establish the escalation of loss over time, identify the minimum resources needed for recovery, and prioritize the recovery of processes and supporting systems. BIA includes the following activities:
• Gathering assessment material for an organization through identification of critical processes within a business unit
• Analyzing the information that is gathered through identification of interdependencies, and
• Documenting the result and presenting recommendations

Let us attempt a quick recall question in the next screen.
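To make the interdependency analysis and recovery prioritization concrete, here is an added example that is not part of the original tutorial. The item names, hours, and the rule that a supporting system inherits the tightest maximum tolerable downtime (MTD) of anything that depends on it are assumptions chosen for illustration.

```python
import heapq

# Constructed sample worksheet: item -> (max tolerable downtime in hours, required inputs)
BIA = {
    "order-entry": (4, ["customer-db", "payment-gateway"]),
    "payroll": (72, ["hr-db", "directory"]),
    "customer-db": (24, ["storage", "directory"]),
    "payment-gateway": (8, ["network"]),
    "hr-db": (96, ["storage"]),
    "directory": (48, ["network"]),
    "storage": (48, []),
    "network": (12, []),
}

def effective_mtd(bia):
    """Assumed rule: a supporting item inherits the tightest MTD of its dependents."""
    eff = {name: mtd for name, (mtd, _) in bia.items()}
    changed = True
    while changed:  # repeat until no value moves; fine for worksheet-sized input
        changed = False
        for name, (_, deps) in bia.items():
            for dep in deps:
                if dep not in bia:
                    raise KeyError(f"{name} depends on unlisted item {dep}")
                if eff[name] < eff[dep]:
                    eff[dep], changed = eff[name], True
    return eff

def recovery_order(bia):
    """Restore inputs first; among restorable items, tightest effective MTD first."""
    eff = effective_mtd(bia)
    waiting = {name: set(deps) for name, (_, deps) in bia.items()}
    ready = [(eff[n], n) for n, deps in waiting.items() if not deps]
    heapq.heapify(ready)
    order = []
    while ready:
        _, name = heapq.heappop(ready)
        order.append(name)
        for other, deps in waiting.items():
            if name in deps:
                deps.remove(name)
                if not deps:
                    heapq.heappush(ready, (eff[other], other))
    if len(order) != len(bia):
        raise ValueError("circular dependency in BIA worksheet")
    return order

if __name__ == "__main__":
    print(effective_mtd(BIA), recovery_order(BIA), sep="\n")
```

In this sample, storage is rated at 48 hours on its own but must be restored within 4 hours because order entry depends on it through the customer database.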

4.56 Knowledge Check

This question will help you to recall the concepts you learned. We will look at business impact assessment elements in the next screen.

4.57 Elements of Business Impact Assessment

After learning the purpose of BIA, let’s look at the common elements in a BIA. The elements in a BIA:
• Describe the business mission of each business/cost center
• Identify functions that characterize each business function
• Determine dependencies such as required inputs from other operations
• Determine other subsequent operations dependent on the function, and
• Identify critical processing cycles in terms of time intervals for each function

We will look at more elements of BIA in the next screen.

4.58 Elements of Business Impact Assessment (contd.)

The elements in a BIA:
• Estimate the impact of each type of incident on business operations
• Identify resources and activities required to restore an acceptable level of operation
• Determine work-around possibilities, and
• Estimate the amount of time that recovering from each type of incident is likely to take

We will look at the benefits of carrying out a business impact assessment.

4.59 Benefits of Business Impact Assessment (contd.)

Conducting BIA produces several benefits, including:
• Increasing the understanding of the amount of potential loss, and various other undesirable effects, that could occur from certain types of incidents
• Facilitating all response management activities, and
• Raising the level of awareness for response management within an organization or business

Let us attempt a quick recall question in the next screen.

4.60 Knowledge Check

This question will help you to recall the concepts you learned. We will look at escalation procedures in the next screen.

4.62 Incident Management and Response Team

An incident management and response team comprises a number of teams, depending upon the size of the organization and the magnitude of its operations. Examples include:
• The emergency action team that deals with the crises that occur
• The damage assessment team that assesses the loss
• The emergency management team that coordinates all recovery efforts
• The relocation team that coordinates moving to an alternate processing site, and
• The security team that monitors communication and security links

Let us attempt a quick recall question in the next screen.

4.63 Knowledge Check

This question will help you to recall the concepts you learned. We will look at the incident notification process in the next screen.

4.64 Incident Notification Process

What does incident notification process mean? It is critical for any information security program to have an effective and timely security incident notification process. The process should describe the following:
• The responsibility of the information security manager, and
• The mechanisms to be utilized that enable an automated detection system or monitor to send email, Short Message Service (SMS), or phone messages

Notification activities are effective only if knowledgeable personnel understand and address them in a timely manner. We will continue discussing the incident notification process in the next screen.

4.65 Incident Notification Process (contd.)

Let’s look at the functions that need an incident notification process. Functions that are most likely to need information concerning incidents when they occur are:
• Risk management
• Human resources, especially when incidents involve employees
• Legal
• Public relations
• Network operations

We will look at the challenges in developing an incident management plan in the next screen.

4.66 Challenges in Developing an Incident Management Plan

There may be unanticipated challenges in developing an incident management plan. This may be the result of:
• Lack of management buy-in and organizational consensus within business units
• Mismatch to organizational goals and structure, especially in a fast-changing environment
• Incident Management Team (IMT) member turnover, and therefore a requirement for constant re-training
• Lack of a communication process, which might result in inadequate understanding of incident management, or too much communication, which might result in incident management competing with day-to-day reports, and
• A complex and wide plan that covers too many issues
