Incident Management Process Asset Library
Office of Information and Technology

Table of Contents

Incident Management Process Map
Incident Management Description and Goals
  Description
  Goals
Incident Management RACI Information
Incident Management Associated Artifacts Information
Incident Management Tools and Web Sites Information
Incident Management Standards Information
Incident Management Process
  Process Activity Name: INM-01 Route Record
    Process Activity Name: INM-01.01 Identify Need or Issue
    Process Activity Name: INM-01.02 Log & Submit Record
    Process Activity Name: INM-01.03 Receive & Review Record
    Process Activity Name: INM-01.04 Determine what Process Should Handle the Record
    Process Activity Name: INM-01.05 What Process should the Record be Routed to?
    Process Activity Name: INM-01.06 Enterprise Service Request Management Practice
    Process Activity Name: INM-01.07 Inform Requestor & Close Incident
  Process Activity Name: INM-02 Classify & Prioritize Incident
    Process Activity Name: INM-02.01 Receive and Review Incident
    Process Activity Name: INM-02.02 Suspected to be Cybersecurity or Privacy Related?
    Process Activity Name: INM-02.03 Escalate To Support Specialist (Tier 2-3)
    Process Activity Name: INM-02.04 Resolve and Close Security Incident
    Process Activity Name: INM-02.05 Collect Information on Incident
    Process Activity Name: INM-02.06 Has User Already Logged a Ticket for this Issue?
    Process Activity Name: INM-02.07 Notify User of Existing Ticket
    Process Activity Name: INM-02.08 Classify Incident
    Process Activity Name: INM-02.09 Is There a Parent Ticket?
    Process Activity Name: INM-02.10 Link New Ticket to Existing Parent Ticket
    Process Activity Name: INM-02.11 Collect Additional Information
    Process Activity Name: INM-02.12 Prioritize Incident
  Process Activity Name: INM-03 Assess & Investigate Incident
    Process Activity Name: INM-03.01 Conduct Initial Investigation
    Process Activity Name: INM-03.02 Major Incident?
    Process Activity Name: INM-03.03 Review & Confirm that this is a Major Incident
    Process Activity Name: INM-03.04 Major Incident?
    Process Activity Name: INM-03.05 Execute Major Incident Procedures
  Process Activity Name: INM-04 Resolve Incident
    Process Activity Name: INM-04.01 Research Solution
    Process Activity Name: INM-04.02 Solution Available?
    Process Activity Name: INM-04.03 Retrieve & Attempt Solution
    Process Activity Name: INM-04.04 Verify Incident is Resolved
    Process Activity Name: INM-04.05 Incident Resolved?
    Process Activity Name: INM-04.06 Escalate & Reclassify as Necessary
    Process Activity Name: INM-04.07 Review Ticket & Update Assignment
    Process Activity Name: INM-04.08 Conduct Detailed Analysis
    Process Activity Name: INM-04.09 Cybersecurity or Privacy-related?
    Process Activity Name: INM-04.10 Management Review Required?
    Process Activity Name: INM-04.11 Initiate Management Review Procedure
    Process Activity Name: INM-04.12 Reclassify Incident?
    Process Activity Name: INM-04.13 Reclassify Incident
    Process Activity Name: INM-04.14 Escalation Required?
    Process Activity Name: INM-04.15 Is a Change Necessary?
    Process Activity Name: INM-04.16 Change Control Management
    Process Activity Name: INM-04.17 Escalate to the Appropriate Group
    Process Activity Name: INM-04.18 Review Ticket & Update Assignment
    Process Activity Name: INM-04.19 Conduct Detailed Analysis
    Process Activity Name: INM-04.20 Cybersecurity or Privacy-related?
    Process Activity Name: INM-04.21 Attempt Resolution
    Process Activity Name: INM-04.22 Verify Incident is Resolved
    Process Activity Name: INM-04.23 Resolve and Close Security Incident
      Process Activity Name: INM-04.23.01 Conduct Analysis
      Process Activity Name: INM-04.23.02 Is Incident Privacy Related?
      Process Activity Name: INM-04.23.03 Resolve Privacy Incident
      Process Activity Name: INM-04.23.04 Is this a Major Incident?
      Process Activity Name: INM-04.23.05 Escalate Major Incident Procedure
      Process Activity Name: INM-04.23.06 Develop Mitigation
      Process Activity Name: INM-04.23.07 Develop Containment
      Process Activity Name: INM-04.23.08 Develop Recovery
      Process Activity Name: INM-04.23.09 Serious Incident Resolved?
      Process Activity Name: INM-04.23.10 Close Incident
    Process Activity Name: INM-04.24 Attempt Resolution
    Process Activity Name: INM-04.25 Verify Incident is Resolved
  Process Activity Name: INM-05 Close Incident
    Process Activity Name: INM-05.01 Flag for Root Cause Analysis as Needed
    Process Activity Name: INM-05.02 Problem Management
    Process Activity Name: INM-05.03 Flag for Knowledge Article as Needed
    Process Activity Name: INM-05.04 Knowledge Management
    Process Activity Name: INM-05.05 Close Incident

Incident Management Process Map

The links in this process map are inactive. Please scroll to view activity data.

Process: Incident Management

Overview: The process map for Incident Management cycles through the following process and review activities:

INM-01 Route Record
  INM-01.01 Identify Need or Issue
  INM-01.02 Log & Submit Record
  INM-01.03 Receive & Review Record
  INM-01.04 Determine what Process Should Handle the Record
  INM-01.05 What Process should the Record be Routed to?
  INM-01.06 Enterprise Service Request Management Practice
  INM-01.07 Inform Requestor & Close Incident
INM-02 Classify & Prioritize Incident
  INM-02.01 Receive and Review Incident
  INM-02.02 Suspected to be Cybersecurity or Privacy Related?
  INM-02.03 Escalate To Support Specialist (Tier 2-3)
  INM-02.04 Resolve and Close Security Incident
  INM-02.05 Collect Information on Incident
  INM-02.06 Has User Already Logged a Ticket for this Issue?
  INM-02.07 Notify User of Existing Ticket
  INM-02.08 Classify Incident
  INM-02.09 Is There a Parent Ticket?
  INM-02.10 Link New Ticket to Existing Parent Ticket
  INM-02.11 Collect Additional Information
  INM-02.12 Prioritize Incident
INM-03 Assess & Investigate Incident
  INM-03.01 Conduct Initial Investigation
  INM-03.02 Major Incident?
  INM-03.03 Review & Confirm that this is a Major Incident
  INM-03.04 Major Incident?
  INM-03.05 Execute Major