search menu icon-carat-right cmu-wordmark

Incident Management Capability Assessment

Technical Report
The capabilities presented in this report provide a benchmark of incident management practices.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2018-TR-007

Abstract

Successful management of incidents that threaten an organization's computer security is a complex endeavor. Frequently an organization's primary focus is on the response aspects of security incidents, which results in its failure to manage incidents beyond simply reacting to threatening events.

The capabilities presented in this document are intended to provide a baseline or benchmark of incident management practices for an organization. The incident management capabilities—provided in a series of statements and indicators—define the actual benchmark. The capabilities explore different aspects of incident management activities for preparing or establishing an incident management function; protecting, detecting, and responding to unauthorized activity in an organization's information systems and computer networks; and sustaining the ability to provide those services. This benchmark can be used by an organization to assess its current incident management function for the purpose of process improvement. This assessment will also help assure system owners, data owners, and operators that their incident management services are being delivered with a high standard of quality and success within acceptable levels of risk.

Cite This Technical Report

Dorofee, A., Ruefle, R., Zajicek, M., McIntire, D., Perl, S., Alberts, C., Huth, C., & Walters, P. (2018, December 19). Incident Management Capability Assessment. (Technical Report CMU/SEI-2018-TR-007). Retrieved March 4, 2024, from https://insights.sei.cmu.edu/library/incident-management-capability-assessment/.

@techreport{dorofee_2018,
author={Dorofee, Audrey and Ruefle, Robin and Zajicek, Mark and McIntire, David and Perl, Samuel and Alberts, Christopher and Huth, Carly and Walters, Pennie},
title={Incident Management Capability Assessment},
month={Dec},
year={2018},
number={CMU/SEI-2018-TR-007},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://insights.sei.cmu.edu/library/incident-management-capability-assessment/},
note={Accessed: 2024-Mar-4}
}

Dorofee, Audrey, Robin Ruefle, Mark Zajicek, David McIntire, Samuel Perl, Christopher Alberts, Carly Huth, and Pennie Walters. "Incident Management Capability Assessment." (CMU/SEI-2018-TR-007). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, December 19, 2018. https://insights.sei.cmu.edu/library/incident-management-capability-assessment/.

A. Dorofee, R. Ruefle, M. Zajicek, D. McIntire, S. Perl, C. Alberts, C. Huth, and P. Walters, "Incident Management Capability Assessment," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Report CMU/SEI-2018-TR-007, 19-Dec-2018 [Online]. Available: https://insights.sei.cmu.edu/library/incident-management-capability-assessment/. [Accessed: 4-Mar-2024].

Dorofee, Audrey, Robin Ruefle, Mark Zajicek, David McIntire, Samuel Perl, Christopher Alberts, Carly Huth, and Pennie Walters. "Incident Management Capability Assessment." (Technical Report CMU/SEI-2018-TR-007). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 19 Dec. 2018. https://insights.sei.cmu.edu/library/incident-management-capability-assessment/. Accessed 4 Mar. 2024.

Dorofee, Audrey; Ruefle, Robin; Zajicek, Mark; McIntire, David; Perl, Samuel; Alberts, Christopher; Huth, Carly; & Walters, Pennie. Incident Management Capability Assessment. CMU/SEI-2018-TR-007. Software Engineering Institute. 2018. https://insights.sei.cmu.edu/library/incident-management-capability-assessment/