1 / 237

Incident Management

Incident Management. United States Department of Homeland Security - National Incident Management System.

tcornelius
Download Presentation

Incident Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Incident Management https://store.theartofservice.com/the-incident-management-toolkit.html

  2. United States Department of Homeland Security - National Incident Management System • On March 1, 2004, the National Incident Management System (NIMS) was created. The stated purpose was to provide a consistent incident management approach for federal, state, local, and tribal governments. Under Homeland Security Presidential Directive-5, all federal departments were required to adopt the NIMS and to use it in their individual domestic incident management and emergency prevention, preparedness, response, recovery, and mitigation program and activities. https://store.theartofservice.com/the-incident-management-toolkit.html

  3. Information Technology Infrastructure Library - Incident management • Incident management aims to restore normal service operation as quickly as possible and minimise the adverse effect on business operations, thus ensuring that the best possible levels of service quality and availability are maintained. 'Normal service operation' is defined here as service operation within service-level agreement (SLA) limits. https://store.theartofservice.com/the-incident-management-toolkit.html

  4. Information Technology Infrastructure Library - Incident management • 2007: An unplanned interruption to an IT service or a reduction in the quality of an IT service. Failure of a configuration item that has not yet impacted service is also an incident. For example, failure of one disk from a mirror set. https://store.theartofservice.com/the-incident-management-toolkit.html

  5. Information Technology Infrastructure Library - Incident management • V2: An event which is not part of the standard operation of a service and which causes or may cause disruption to or a reduction in the quality of services and customer productivity. https://store.theartofservice.com/the-incident-management-toolkit.html

  6. Information Technology Infrastructure Library - Incident management • The objective of incident management is to restore normal operations as quickly as possible with the least possible impact on either the business or the user, at a cost-effective price. The transformation between event-to-incident is the critical junction where Application Performance Management (APM) and ITIL come together to provide tangible value back to the business. https://store.theartofservice.com/the-incident-management-toolkit.html

  7. Incident management • Incident management (IcM) is a term describing the activities of an organization to identify, analyze, and correct hazards to prevent a future re-occurrence. These incidents within a structured organization are normally dealt with by either an Incident Response Team (IRT), or an Incident Management Team (IMT). These are often designated before hand, or during the event and are placed in control of the organization whilst the incident is dealt with, to restore normal functions. https://store.theartofservice.com/the-incident-management-toolkit.html

  8. Incident management • Similar to an IRT or IMT is an Incident Command System (ICS). Popular with public safety agencies and jurisdictions in the United States, Canada and other countries, it is growing in practice in the private sector as organizations begin to manage without or co-manage emergencies with public safety agencies. It is a command and control mechanism that provides an expandable structure to manage emergency agencies. Although some of the details vary by jurisdiction, ICS normally consists of five primary elements: command, operations, planning, logistics and finance / administration. Several special staff positions, including public affairs, safety, and liaison, report directly to the incident commander (IC) when the emergency warrants establishment of those positions. https://store.theartofservice.com/the-incident-management-toolkit.html

  9. Incident management • An incident is an event that could lead to loss of, or disruption to, an organization's operations, services or functions. If not managed an incident can escalate into an emergency, crisis or a disaster. Incident management is therefore the process of limiting the potential disruption caused by such an event, followed by a return to business as usual. https://store.theartofservice.com/the-incident-management-toolkit.html

  10. Incident management • Without effective incident management an incident can rapidly disrupt business operations, information security, IT systems, employees or customers and other vital business functions. https://store.theartofservice.com/the-incident-management-toolkit.html

  11. Incident management • In the United States, the National Incident Management System, developed by the Department of Homeland Security, integrates effective practices in emergency management into a comprehensive national framework https://store.theartofservice.com/the-incident-management-toolkit.html

  12. Incident management - Computer security incident management • This makes CSIRT a highly prominent player in incident management. https://store.theartofservice.com/the-incident-management-toolkit.html

  13. Incident management - Incident management process, as defined by ITIL • The objective of incident management is to restore normal operations as quickly as possible with the least possible impact on either the business or the user, at a cost-effective price. https://store.theartofservice.com/the-incident-management-toolkit.html

  14. Incident management - Incident management process, as defined by ITIL • The Incident Manager is a functional role, rather than a position of employment, however both may be true dependent upon the hiring organization. Incident management provides to the external customer a focal point for leadership and drive during an event by ensuring adherence to follow-up on commitments and adequate information flow. This means, presenting to the customer an entity that accepts ownership of their problem. https://store.theartofservice.com/the-incident-management-toolkit.html

  15. Incident management - Incident management process, as defined by ITIL • The objective of Incident Management during an incident is service restoration as quickly as possible https://store.theartofservice.com/the-incident-management-toolkit.html

  16. Incident management - Incident management process, as defined by ITIL • The primary focus of Incident Management is to ensure a prompt recovery of the system, supervising and directing the internal or external resources. Prompt system recovery and minimization of any impact to the customer’s, has priority over unreasonably long and intensive data collection for the event root cause investigation. https://store.theartofservice.com/the-incident-management-toolkit.html

  17. Incident management - Incident management process, as defined by ITIL • Incidents can be classified into three primary categories: Software (applications), hardware, and service requests. (Note that service requests are not always regarded as an incident, but rather a request for change. However, the handling of failures and the handling of service requests are similar and therefore are included in the definition and scope of the process of incident management.) https://store.theartofservice.com/the-incident-management-toolkit.html

  18. Incident management - Incident management process, as defined by ITIL • Resolution and recovery https://store.theartofservice.com/the-incident-management-toolkit.html

  19. Incident management - Incident management process, as defined by ITIL • Ownership, monitoring, tracking, and communication (monitoring the progress of the resolution of the incident and keeping those who are affected by the incident up to date with the status) https://store.theartofservice.com/the-incident-management-toolkit.html

  20. Incident management - Activities of ICM defined by ITIL v3 • Categorization - the incident is categorized by priority , SLA etc. attributes defined above https://store.theartofservice.com/the-incident-management-toolkit.html

  21. Incident management - Activities of ICM defined by ITIL v3 • Prioritization - the incident is prioritized for better utilization of the resources and the Support Staff time https://store.theartofservice.com/the-incident-management-toolkit.html

  22. Incident management - Activities of ICM defined by ITIL v3 • Diagnosis - reveal the full symptom of the incident https://store.theartofservice.com/the-incident-management-toolkit.html

  23. Incident management - Activities of ICM defined by ITIL v3 • Escalation - should the Support Staff need support from other organizational units https://store.theartofservice.com/the-incident-management-toolkit.html

  24. Incident management - Activities of ICM defined by ITIL v3 • Investigation and diagnosis - if no existing solution from the past could be found the incident is investigated and root cause found https://store.theartofservice.com/the-incident-management-toolkit.html

  25. Incident management - Activities of ICM defined by ITIL v3 • Resolution and recovery - once the solution is found the incident is resolved https://store.theartofservice.com/the-incident-management-toolkit.html

  26. Incident management - Activities of ICM defined by ITIL v3 • Incident closure - the registry entry of the incident in the ICM System is closed by providing the end-status of the incident https://store.theartofservice.com/the-incident-management-toolkit.html

  27. Incident management - Incident Manager responsibilities • understand any incident/fault on a basic level (at least) in order to use the appropriate competences (resources) https://store.theartofservice.com/the-incident-management-toolkit.html

  28. Incident management - Incident Manager responsibilities • drive the restoration team to gather sufficient information to start an analysis https://store.theartofservice.com/the-incident-management-toolkit.html

  29. Incident management - Incident Manager responsibilities • maintain a general overview of the incident (keeping the focusing on the restoration via a workaround) https://store.theartofservice.com/the-incident-management-toolkit.html

  30. Incident management - Incident Manager responsibilities • understand the functionality of multiple areas (RAN, Core Network, VAS, BSS/OSS) https://store.theartofservice.com/the-incident-management-toolkit.html

  31. Incident management - Incident Manager responsibilities • obtain guidance on priorities to the teams starting the immediate urgent unexpected recovery work https://store.theartofservice.com/the-incident-management-toolkit.html

  32. Incident management - Incident management software systems • Incident management software systems exist that relate directly to specific industries. https://store.theartofservice.com/the-incident-management-toolkit.html

  33. Incident management - Human factors • During the root cause analysis, human factors should be assessed. This text will not go into depth on human factors, but will mention a couple of poignant areas that can assist in ensuring after action root cause analysis comes to an effective conclusion, after taking into consideration all the aspects of the cause and effects of an accident/incident. James Reason (1995) conducted a study into the understanding of adverse effects – Human Factors. The following will summarise some of the major points and explain the reasoning behind human factors playing a proportionate part of any incident. The study found, major incident investigations such as Piper Alpha, Kings Cross Underground Fire, made it clear that the causes of the accidents were distributed widely within and outside the organization. There are two types of event, active failure, an action that has immediate effects and has the likely hood to cause an accident. The second is and latent or delayed action, these events can take years to have an effect; they usually combine with triggering events then cause the accident. https://store.theartofservice.com/the-incident-management-toolkit.html

  34. Incident management - Human factors • These failures are unsafe acts (errors and violations) committed by those at the "sharp end" of the system (the actual operators of machinery, supervisors of tasks). It is the people at the human-system interface whose actions can, and sometimes do, have immediate adverse consequences. https://store.theartofservice.com/the-incident-management-toolkit.html

  35. Incident management - Human factors • They are created as the result of decisions taken at the higher echelons of an organisation. There damaging consequences may lie dormant for a long time, only becoming evident when they combine with local triggering factors (for example, the spring tide, the loading difficulties at Zeebrugge harbour, etc.) to breach the system's defences. https://store.theartofservice.com/the-incident-management-toolkit.html

  36. Incident management - Human factors • Decisions taken in the higher echelons of an organization can trigger the events towards an accident becoming more likely, the planning, scheduling, forecasting, designing, policy making, etc., can have a slow burning effect. The actual unsafe act that commits or triggers an accident can be traced back through the organization and the subsequent failures will be exposed, and discover the accumulation of latent failures within the system as a whole that led to the accident becoming more likely and ultimately happening. https://store.theartofservice.com/the-incident-management-toolkit.html

  37. Incident management - Human factors • To conclude, most incidents are not just about the actual events that happened, if human factors are studied during the investigation period, the actual chain of latent actions will be discovered. Consequently, better improvement action can be applied, and reduce the likelihood of the event happening again. https://store.theartofservice.com/the-incident-management-toolkit.html

  38. Incident management - Physical Incident Management • Incident management should be considered to be much more that just the analysis of perceived threats and hazards towards and organization in order to work out the risk of that event occurring, and therefore the ability of that organization to conduct business as usual activities during the incident. It should be remembered that as well as an important part of risk management process and business resilience planning that Incident management is a real time physical activity. https://store.theartofservice.com/the-incident-management-toolkit.html

  39. Incident management - Physical Incident Management • The planning that has happened to formulate the response to an incident; be that a disaster, emergency, crisis or accident has been done so that effective business resilience can take place to ensure minimal loss or damage whether that is to tangible or non tangible assets of that organization. The only way the effective planning that has gone before can be implemented is by efficient physical management of the incident, making best use of both time and resources that are available and understanding how to get more resources from outside the organization when needed by clear and timely liaison. https://store.theartofservice.com/the-incident-management-toolkit.html

  40. Incident management - Physical Incident Management • How should a business manage all of these activities and resources? Businesses should have an incident management system (IMS) https://store.theartofservice.com/the-incident-management-toolkit.html

  41. Incident management - Physical Incident Management • The physical incident management is very much the real time response that may last for hour’s, days or longer https://store.theartofservice.com/the-incident-management-toolkit.html

  42. Incident management - Physical Incident Management • The International Organization for Standardization (ISO), which is the worlds largest developer of international standards also makes a point in the description of its risk management, principles and guidelines document ISO 31000:2009 that, "Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment". This again shows the importance of not just good planning but effective allocation of resources to treat the risk (ISO 31000, 2009). https://store.theartofservice.com/the-incident-management-toolkit.html

  43. ITIL - Incident management • :2007: An unplanned interruption to an IT service or a reduction in the quality of an IT service. Failure of a configuration item that has not yet impacted service is also an incident. For example, failure of one disk from a mirror set. https://store.theartofservice.com/the-incident-management-toolkit.html

  44. ITIL - Incident management • :V2: An event which is not part of the standard operation of a service and which causes or may cause disruption to or a reduction in the quality of services and customer productivity. https://store.theartofservice.com/the-incident-management-toolkit.html

  45. ITIL - Incident management • The objective of incident management is to restore normal operations as quickly as possible with the least possible impact on either the business or the user, at a cost-effective price. The transformation between event-to-incident is the critical junction where Application Performance Management (APM) and ITIL come together to provide tangible value back to the business. https://store.theartofservice.com/the-incident-management-toolkit.html

  46. Incident management (ITSM) • The first goal of the incident management process is to restore a normal service operation as quickly as possible and to minimize the impact on business operations, thus ensuring that the best possible levels of service quality and availability are maintained https://store.theartofservice.com/the-incident-management-toolkit.html

  47. Incident management (ITSM) • ISO 20000 defines the objective of Incident management (part 1, 8.2) as: To restore agreed service to the business as soon as possible or to respond to service requests. https://store.theartofservice.com/the-incident-management-toolkit.html

  48. Incident management (ITSM) • Incidents that cannot be resolved quickly by the help desk will be assigned to specialist technical support groups. A resolution or work-around should be established as quickly as possible in order to restore the service. https://store.theartofservice.com/the-incident-management-toolkit.html

  49. Incident management (ITSM) - Definition • :An unplanned interruption to an IT Service or a reduction in the Quality of an IT Service. Failure of a Configuration Item that has not yet impacted Service is also an Incident. For example, Failure of one disk from a mirror set.. The stated ITIL objective is to restore normal operations as quickly as possible with the least possible impact on either the business or the user, at a cost-effective price. https://store.theartofservice.com/the-incident-management-toolkit.html

  50. Incident management (ITSM) - Definition • :any event which is not part of the standard operation of a service and which causes or may cause an interruption to, or a reduction in, the quality of that service. https://store.theartofservice.com/the-incident-management-toolkit.html

More Related