Cybersecurity incident management is “[t]he processes for detecting, reporting, assessing, responding to, dealing with, and learning from cybersecurity incidents.”
Planning and preparing for a cybersecurity incident can be challenging for many organizations. When a cybersecurity incident occurs, an organization is required to take immediate action in order to mitigate threats to the confidentiality, integrity, and availability of its information assets. This requires effective deployment of resources and established communication strategies.
Some of the primary objectives of cybersecurity incident management include:
- Avoid cybersecurity incidents before they occur
- Minimize the impact of cybersecurity incidents on the confidentiality, availability, or integrity of the industry's services, information assets, and operations
- Mitigate threats and vulnerabilities as cybersecurity incidents are occurring
- Improve cybersecurity incident coordination and management within the industry
- Reduce the direct and indirect costs caused by cybersecurity incidents
- Report findings to executive management

"Overview" section: Cyber Incident Management Planning Guide, at 7.