
Develop and Implement a Security Incident Management Program

Create a scalable incident response program without breaking the bank.




  • Dave Millier, CEO, Uzado Inc.
  • Mahmood Sher-Jan, EVP & General Manager, RADAR Product Unit
  • Matt Anthony, VP, Security Remediation Services, The Herjavec Group
  • Jason Bareiszis, CSIRT Manager & Principal Security Architect, Tetra Tech
  • Malcolm Brown, Industry Analyst Relations, Trend Micro
  • Mark Bernard, CISO, Government, Financial Services, Manufacturing, Pharma, Legal
  • Wayne Chung, Senior Consultant, Information Assurance, Eosensa
  • Ali Shahidi, Chief Cyber Security & Computer Forensics, InfoTransec Inc.
  • Ian Parker, Head of Corporate System Information Security, Risk, and Compliance, Fujitsu Services
  • Joey LaCour, CISO, Colonial Savings, F.A.
  • Ron Kirkland, Manager ICT Security, Crawford and Company
  • Vincent di Giambattista, Director IT Security and Compliance, Alliance Healthcare Ltd.
  • Five anonymous contributors

Your Challenge

  • Security incidents are inevitable, but how they’re dealt with can make or break an organization. Poor incident response negatively affects business practices, including workflow, revenue generation, and public image.
  • The incident response of most organizations is ad hoc at best. A formal management plan is rarely developed or adhered to, resulting in ineffective firefighting responses and inefficient allocation of resources.

Our Advice

Critical Insight

  • You will experience incidents. Organizations can’t rely on “out-of-the-box” responses anymore. They’re too broad and easy to ignore. Save your organization response time and confusion by developing your own specific incident use cases.
  • Results of incident response must be analyzed, tracked, and reviewed regularly. Otherwise, a lack of comprehensive understanding of incident trends and patterns leads to being re-victimized by the same vector.
  • Establish communication processes and channels well in advance of a crisis. Don’t wait until a state of panic. Collaborate and share information mutually with other organizations to stay ahead of incoming threats.

Impact and Result

  • Short term: Streamline the process of formalizing an incident management program customized to your organization-specific needs. Respond faster and more effectively by leveraging a mature process rather than starting from scratch.
  • Long term: Once the program is in place, damage will be minimized. As incidents are properly tracked, analyzed, and handled according to a well-defined process, potential breaches will be reduced to minor incidents.

Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should develop and implement a security incident management program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

1. Prepare

Prepare your organization for incident response with formal documentation of policies and processes.

3. Maintain and optimize

Maintain and optimize the incident management process by tracking metrics and leveraging best practices.

Guided Implementations

This guided implementation is a six-call advisory process.

Guided Implementation #1 - Prepare

Call #1 - Understand incident response.
Call #2 - Formalize documentation.

Guided Implementation #2 - Operate

Call #1 - Use the framework to develop a general plan.
Call #2 - Prioritize and develop runbooks.

Guided Implementation #3 - Maintain and optimize

Call #1 - Facilitate tabletop exercises.
Call #2 - Assess the success of the incident management program.

Onsite Workshop


Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Prepare Your Incident Response Program

The Purpose

  • Understand the purpose of incident response.
  • Formalize the program.
  • Identify key players and escalation points.

Key Benefits Achieved

  • Common understanding of the importance of incident response.
  • Various business units aware of their role in the incident management program.
  • Formalized documentation.

Assess the current process, obligations, scope, and boundaries of the incident management program.

  • Understanding of the incident landscape

Identify key players for the response team and for escalation points.

  • An identified incident response team

Formalize documentation.

  • A security incident management charter
  • A security incident management policy

Prioritize incidents requiring preparation.

  • A list of top-priority incidents
  • A general security incident management plan

Module 2: Develop Incident-Specific Runbooks

The Purpose

  • Document the clear response procedures for top-priority incidents.

Key Benefits Achieved

  • As incidents occur, clear response procedures are documented for efficient and effective recovery.

For each top-priority incident, document the workflow from detection through analysis, containment, eradication, recovery, and post-incident analysis.

  • Three to six incident-specific runbooks

Module 3: Maintain and Optimize

The Purpose

  • Ensure the response procedures are realistic and effective.
  • Identify key metrics to measure the success of the program.

Key Benefits Achieved

  • Real-time run-through of security incidents to ensure roles and responsibilities are known.
  • Understanding of how to measure the success of the program.

Limited-scope tabletop exercise.

  • Completed tabletop exercise

Discuss key metrics.

  • Key success metrics identified

Search Code: 76122
Published: October 9, 2014
Last Revised: October 6, 2016