Chapter 14: Incident Management

Incident management (IcM) describes the activities of an organization to identify, analyze, and correct hazards to prevent a future re-occurrence. Within a structured organization, these incidents are normally dealt with by either an Incident Response Team (IRT) or an Incident Management Team (IMT). These teams are often designated beforehand or during the event, and are placed in control of the organization whilst the incident is dealt with, to restore normal functions.

An incident is an event that could lead to loss of, or disruption to, an organization's operations, services or functions. If not managed, an incident can escalate into an emergency, crisis or a disaster. Incident management is therefore the process of limiting the potential disruption caused by such an event, followed by a return to business as usual.

From the ITIL point of view, the activities of Incident Management are:

  • Identification - the incident is detected or reported
  • Registration - the incident is registered in an ICM System
  • Categorization - the incident is categorized by priority, SLA, and other attributes defined above
  • Prioritization - the incident is prioritized for better utilization of the resources and the Support Staff time
  • Diagnosis - the full symptoms of the incident are revealed
  • Escalation - should the Support Staff need support from other organizational units
  • Investigation and diagnosis - if no existing solution from the past can be found, the incident is investigated and the root cause is found
  • Resolution and recovery - once the solution is found, the incident is resolved
  • Incident closure - the registry entry of the incident in the ICM System is closed by providing the end-status of the incident

Example:

When you detect a problem such as Malicious.Virus via a previously configured alarm or scheduled report, you can create a task as below:
