Incident Management and Response 

  Provide feedback on this document
Knowledge Center  Visit the Incident Management Knowledge Center community

Incident response is a key component of an enterprise business continuity and resilience program. The increasing number and diversity of information security threats can disrupt enterprise business activities and damage enterprise information assets. A sound risk management program can help reduce the number of incidents, but there are some incidents that can neither be anticipated nor avoided. Therefore, the enterprise needs to have an incident response capability to detect incidents quickly, contain them, mitigate impact, and restore and reconstitute services in a trusted manner. This white paper examines incident response from security, risk, privacy and assurance perspectives; identifies some key issues to be considered in an incident response program; and outlines where the COBIT 4.1 framework can be applied to the development of an effective incident response capability.

Additional incident response resources: