Security incident management [CISMP]

No system is perfect

It can be frustrating when you’ve worked hard to prepare but something still goes wrong. We’ve all been there.

Whether you are packing for a holiday and forget the plug adapters, or working towards a deadline and a flurry of activity late on Friday afternoon distracts you from actually sending the document in time – life happens. What’s important is that we
can identify what went wrong and figure out a way to ensure that it doesn’t happen again. The same goes for your systems.


Diagram: arrow diagram showing the phases of the incident sequence – create an incident response plan, protect the evidence, define an incident, launch investigations.

Incidents happen

No system is perfect and incidents happen, but what is meant by the term ‘incident’? The NCSC definition of a cyber incident is:

‘a breach of a system's security policy in order to affect its integrity or availability and/or the unauthorised access or attempted access to a system or systems; in line with the Computer Misuse Act (1990)’

This could be an unauthorised person on the premises, someone stealing data on a USB stick, a laptop being stolen from a secure computer room, or anything else that contravenes the security policy.

Before any incident occurs, the organisation should have an incident response plan in place, and regular incident response drills should be carried out to ensure the procedures work efficiently. These drills are likely to identify process and technology issues that need to be addressed before a real incident exposes them.

The NCSC say:

'Incidents can be opportunistic or targeted, and threats can originate from outside and inside your organisation. But, whatever the nature of the threat, only one thing can help you deal well with a cyber incident - good preparation.' 

With good preparation in mind, this is what to expect from the security incident management process: 

  • Creating an incident response plan 
  • Protecting the evidence 
  • Defining an incident
  • Launching investigations 

What’s next?

You’ll now move on to find out what kind of impact incidents can have on an organisation, and how best to respond.


In this module you’ll discover the close relationship between business continuity, disaster recovery and incident management.

About the Author

A world-leading tech and digital skills organization, we help many of the world’s leading companies to build their tech and digital capabilities via our range of world-class training courses, reskilling bootcamps, work-based learning programs, and apprenticeships. We also create bespoke solutions, blending elements to meet specific client needs.