{"id":25957,"date":"2020-05-01T13:38:00","date_gmt":"2020-05-01T13:38:00","guid":{"rendered":"https:\/\/staging.kepner-tregoe.com\/how-cybersecurity-is-changing-the-face-of-incident-management\/"},"modified":"2025-07-10T14:43:07","modified_gmt":"2025-07-10T14:43:07","slug":"how-cybersecurity-is-changing-the-face-of-incident-management","status":"publish","type":"post","link":"https:\/\/staging.kepner-tregoe.com\/fr\/blogs\/how-cybersecurity-is-changing-the-face-of-incident-management\/","title":{"rendered":"How Cybersecurity is Changing the Face of Incident Management"},"content":{"rendered":"

Cybercriminals are everywhere. Unfortunately, once they get into your network, they get plenty of time to do their dirty work, as it takes\u00a0almost two months<\/a> (50 days) on average for IT teams to identify that a breach has occurred.<\/p>\n

And the costs quickly add up. According to the Ponemon Institute\u2019s 2019 Cost of a Data Breach Study<\/a>,\u00a0the average cost of recovery per incident <\/em>is $3.92 million.<\/p>\n

To mitigate these risks, you must have a cyber incident response plan. This allows\u00a0you\u00a0to minimize the damages and costs when\u2014not if\u2014you\u2019re attacked.<\/p>\n

But how does cybersecurity\u2014and fast response to incidents\u2014fit into your established (and presumably well-oiled) IT incident management machinery?<\/p>\n

The IT Infrastructure Library (ITIL\u00ae) has become the standard<\/a> for how many organizations manage their IT infrastructures. But although it\u2014or variations of it\u2014do a good job of helping companies organize and manage their IT services, it\u2019s short on security. Relying on ITIL could leave you high and dry when the cybercriminals come for you.<\/p>\n

In this blog, we talk about how security and IT incident management currently reside in different silos in many organizations. We examine why this is a problem, and suggest ways to fix this so that any incident that affects IT services\u2014whether cyber security, IT infrastructure, or other issues\u2014is addressed and solved swiftly and effectively.<\/p>\n

Incident management and cybersecurity: separate, but equally important<\/h4>\n

Your IT incident management<\/a> (IM) team is a key part of IT service management (ITSM). The team\u2019s charter is to swiftly get services back to normal after interruptions. Their goal is to minimize how the issue affects users\u2014and the business. Operationally, this means reducing the length and severity of disruption from unexpected hardware, software, and network slowdowns or outages.<\/p>\n

The IM team goes into action when someone or something\u2014a user or IT staff member, or perhaps an automated alert system\u2014identifies that an event has occurred. Perhaps the network has slowed down, or an application fails to respond. The IM staff first contains the incident to prevent it from affecting other services. Then, they typically find a temporary workaround, deploy the fix, recover the system, and place that system back into production. IT staff then performs root-cause analysis (if required) to determine the reason for the problem, logs the incident for future reference, and, if necessary, involves the appropriate people to begin working on a permanent fix.<\/p>\n

Many companies have also built up solid cybersecurity teams. These incident response (IR) teams traditionally have followed a comparable, although parallel, path to resolve problems as the IM team. The difference: their charter is dedicated to responding to security incidents. The kinds of events that trigger the cybersecurity team to respond include:<\/p>\n