Incident management

Activities to minimise the immediate and long-term business impact of security incidents

What is a cyber security incident?

A cyber security incident is any event that may threaten the confidentiality, integrity, or availability of an information system or of the information that system processes, stores, or communicates. Information systems can be critical assets for organisations, and jeopardising the secure operation of these systems and the business processes they support is an unacceptable risk.

Incident management

Incident management is the process of identifying, categorising, managing, recording and analysing security threats or incidents in real time. It seeks to give a robust and comprehensive view of any security issues within an IT infrastructure.

Incident management capability

The National Cyber Security Centre (NCSC) provides five steps that are fundamental to establishing an incident management capability.

  • STEP ONE - Define Roles and Responsibilities.
  • STEP TWO - Identify Threats and Assets. Every organisation must understand its assets and the potential threats these face.
  • STEP THREE - Have a Plan. Creating and testing a plan should be the primary focus for improving incident management. Having a step-by-step plan in place before a cyber security incident occurs will help you take control of the situation, navigate your way through it and reduce the impact on your business.
  • STEP FOUR - Logging, Alerting and Incident Automation.
  • STEP FIVE - Maintain Awareness, Report Progress and Continually Improve.