Develop and Implement a Security Incident Management Program

Create a scalable incident response program without breaking the bank.


This content requires an active subscription.

Access this content by logging in with your Info-Tech Research Group membership or contacting one of our representatives for assistance.

Speak With A Representative Sign In
or Call: 1-888-670-8889 (US) or 1-844-618-3192 (CAN)

Your Challenge

  • Security incidents are inevitable, but how they’re dealt with can make or break an organization. Poor incident response negatively affects business practices, including workflow, revenue generation, and public image.
  • The incident response of most organizations is ad hoc at best. A formal management plan is rarely developed or adhered to, resulting in ineffective firefighting responses and inefficient allocation of resources. 

Our Advice

Critical Insight

  • Organizations can’t rely on “out-of-the-box” classifications anymore. They’re too broad and easy to ignore. Save your organization response time and confusion by developing your own specific incident use cases.
  • Results of incident response must be analyzed, tracked, and reviewed regularly. Otherwise a lack of comprehensive understanding of trends and patterns regarding incidents leads to being re-victimized by the same vector.
  • Establish communication processes and channels well in advance of a crisis. Don’t wait until a state of panic. Collaborate and share information mutually with other organizations to stay ahead of incoming threats. 

Impact and Result

  • Short term: Streamline the process of formalizing an incident management program customized to your organization-specific needs. Respond faster and more effectively by leveraging a mature process rather than starting from scratch.
  • Long term: Once the program is in place, damage will be minimized. As incidents are properly tracked, analyzed and handled according to a well-defined process, potential breaches will be reduced to minor incidents.


  • Dave Millier,CEO, Uzado Inc
  • Mahmood Sher-Jan, EVP & General Manager, RADAR Product Unit
  • Matt Anthony, VP, Security Remediation Services, The Herjavec Group
  • Jason Bareiszis, CSIRT Manager & Principal Security Architect, Tetra Tech
  • Malcolm Brown, Industry Analyst Relations, Trend Micro
  • Mark Bernard, CISO, Government, Financial Services, Manufacturing, Pharma, Legal
  • Wayne Chung, Senior Consultant, Information Assurance, Eosensa
  • Ali Shahidi, Chief Cyber Security & Computer Forensics, InfoTransec Inc.
  • 5 anonymous contributors

Get the Complete Storyboard

See how all the steps you need to take come together, with tools and advice to help with each task on your list.

Download Now

Get to Action

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should develop and implement a security incident management program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

  1. Prepare

    Prepare your organization for incident response with formal documentation of policies and processes.

  2. Operate

    Operate with efficiency and effectiveness as new incidents are handled.

  3. Maintain and optimize

    Maintain and optimize the incident management process by tracking metrics and leveraging best practices.

Guided Implementation icon Guided Implementation

This guided implementation is a six call advisory process.

    Guided Implementation #1 - Prepare

  • Call #1: Prepare documentation

  • Call #2: Develop incident use-case documents

  • Guided Implementation #2 - Operate

  • Call #1: Discuss incident handling guidance

  • Call #2: Prepare post-incident activities

  • Guided Implementation #3 - Maintain and optimize

  • Call #1: Assess the success of the incident management program

  • Call #2: Optimize

Onsite Workshop

Module 1: Prepare – Formalize Security Incident Management with Policies and Procedures

The Purpose

  • Acquire executive support for the security incident management initiative.
  • Identify the need for incident management.
  • Formalize the incident management process.

Key Benefits Achieved

  • Stakeholder support and approval to implement the program.
  • Understanding of the benefits and purpose of the program.
  • Standardized process with an official policy and guide.

Activities: Outputs:
1.1 Assess the need for incident management
  • Incident response evaluation from checklist
1.2 Acquire stakeholder support
  • Formalized stakeholder support proposal
1.3 Customize the incident response policy
  • Comprehensive incident response policy
1.4 Identify members of the Security Incident Response Team
  • Named SIRT members with defined roles and responsibilities
1.5 Customize the Incident Response Guide
  • Formalized incident response process & roadmap

Module 2: Operate – Develop Use Case Documents in Alignment with Incident Handling Processes

The Purpose

  •  Develop security incident use case documents to standardize the incident response process.
  • Understand how to handle incidents from detection to post-mortem review. 

Key Benefits Achieved

  • Increased operational efficiency and clarity when handling incidents.
  • Well-defined, mature process established. 

Activities: Outputs:
2.1 Prioritize the development of use case documents
  • Prioritized list of incident use case documents to develop
2.2 Develop the use case documents
  • Streamlined response processes outlined in standard use case documents

Module 3: Maintain & Optimize – Track Metrics and Communicate Internally and Externally

The Purpose

  • Assess the success of the security incident management process.
  • Disclose the relevant information within the organization to spread awareness. 
  • Prepare public relation tactics and materials to efficiently address the situation and disclose what is being done to rectify it. 

Key Benefits Achieved

  • Benchmarks defined for future improvement goals.
  • Consistency and efficiency within the organization when handling incidents.
  • Minimized reputation damage and swift public response in the event of significant incidents. 

Activities: Outputs:
3.1 Determine metrics to track throughout the process
  • Completed metrics plan
3.2 Customize communication templates for internal use
  • Guidance to inform employees on proper incident response
3.3 Prepare external communication plans
  • Ready-to-use material to address public-facing major incidents

Workshop Icon Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.

Book Now

Hide Details

Search Code: 76122
Published: October 9, 2014
Last Revised: May 21, 2015

GET HELP Contact Us
VL Methodology