Incident management (IcM) refers to the activities of an organization to identify, analyze and correct hazards. For instance, a fire in a factory would be a risk that realized, or an incident that happened. An Incident Response Team (IRT) or an Incident Management Team (IMT), specifically designated for the task beforehand or on the spot, would then manage the organization through the incident.
Usually as part of the wider management process in private organizations, incident management is followed by post-incident analysis where it is determined why the incident happened despite precautions and controls. This information is then used as feedback to further develop the security policy and/or its practical implementation. In the USA, the National Incident Management System, developed by the Department of Homeland Security, integrates effective practices in emergency management into a comprehensive national framework.
Computer security incident management[]
A specific case of incident management is Computer security incident management, which is most often handled by a Computer Security Incident Response Team (CSIRT). E.g. when an organization discovers that an intruder has gained unauthorized access to a computer system, the CSIRT team would analyze the situation, determine the breadth of the compromise, and take corrective action. Computer forensics is one task included in this process.