Become familiar with regulatory
codes and provide users a central
point for help on IT issues
Incident management refers to the activities of an organization to identify, analyze and correct problems or troubles.
For instance, a fire in a factory would be a risk that was realized, or an incident that happened. An Incident Response Team (IRT) or an Incident Management Team (IMT), designated for the task beforehand or on the spot, would then manage the organization through the incident.
A specific example would be computer incident management, which is most often handled by a computer incident response team (CIRT).
E.g., When an organization discovers that an intruder has gained unauthorized access to a computer system, the CIRT team would analyze the situation, determine the breadth of the compromise, and take corrective action. Computer forensics is one task included in this process.
Usually as part of the wider management process in private organizations, incident management is followed by post-incident analysis, wherein it is determined why the incident happened despite precautions and controls.
This information is then used as feedback to further develop the security policy and/or its practical implementation.