In my last post I explained what incidents and events are. In this post I want to briefly talk about what incident management is, and how it is of use to computer security.
Incident management is the capability to effectively manage unexpected disruptive events that happen to your computer systems. Most of the time this means systems such as servers, platforms and software, but it can be any kind of computer system that you manage.
The objective of having an incident management system is to minimize the impact that threats have on the system, and to maintain or restore normal operations. Incident management should include the actions that need to be taken before, during and after incidents happen. More on this in the next post.