I. Background of Security Incident Management
An information security incident can be defined as an attempted or successful unauthorised access, use, disclosure, modification or destruction of information; interference with information technology operation; or violation of explicit or implied acceptable usage policy.
Such an incident poses a threat to the computer or network security of a University in respect of availability, integrity or confidentiality. A common example is leakage of sensitive information that adversely affects the interests of a University.
A security incident management process involves five phases: Incident Reporting, Impact Assessment, Incident Escalation and Resolution, Incident Monitoring, and Post Incident Review.
Each of the above phases helps the University to contain the impact of information security incidents and to drive the handling process as efficiently as possible.
A properly designed and implemented security incident management process should also help the University to prevent future security incidents.