Cyberattacks have become a fact of life, and organizations are committing more resources to incident response. But too often, organizations confuse security incident response and incident management. While security incident response is a technical discipline, security incident management is a more formal process for monitoring, detecting, tracking, and responding to such incidents. When an incident occurs, therefore, an organization with a security incident management process will have a response team in place and clearly defined procedures for managing it.
As shown in Figure 2 from our full report, Security Incident Management Adoption and Best Practices, 66% of IT organizations had a security incident management practice in place in 2016, which is only a moderate adoption rating. Worse yet, that number has mostly trended down since 2013.
“News of major security breaches inside Fortune 500 companies, political campaigns, and governments grace the front pages on a near-daily basis,” said David Wagner, vice president, research, for Computer Economics based in Irvine, Calif. “The news should inspire companies to find a more comprehensive way of dealing with security, but so far the opposite seems to be happening.”
Computer Economics research shows that security incident management as a best practice is only moderately mature. Despite the escalation in threat levels over the past few years, many companies are choosing to operate with informal security incident processes. This is a practice, however, that every IT organization should embrace with some level of rigor.
In the full report, we introduce this best practice and look at adoption trends by organization size and sector. We also introduce some providers of security incident management systems and services. The report is part of our major study, IT Management Best Practices.
This Research Byte is a brief overview of our report on this subject, Security Incident Management Adoption and Best Practices. The full report is available at no charge for Computer Economics clients, or it may be purchased by non-clients directly from our website (click for pricing).