There are a variety of potential information technology (IT) service threats that can convert to intentional or unintentional incidents requiring adequate IT service support. If restoring service normalcy as swiftly as possible and minimizing adverse impacts on entity operations are the primary incident management process goals, then IT support personnel achievement of expected performance levels ensures maintaining the highest possible service quality and availability levels.
An incident can be any event which is not part of standard IT operations that causes or may cause an interruption to or a reduction in agreed-upon quality of service. Incidents -- whether caused by malware, spyware, or defects -- are a common occurrence requiring appropriate resolution to reinstate acceptable operational levels. The IT service desk is very often the first contact users have when IT services do not perform as anticipated. Since there is an expectation of timely corrective action when an incident occurs, user orientation is critical for maintaining precipitations of an efficient and effective IT service desk. Therefore, entities should establish formal IT incident response mechanisms as well as ensure IT users are aware of established arrangements and how to utilize them.
Incidents are typically unavoidable when IT is relied on to provide processual services. Therefore, effective and efficient procedures for responding and recovering to normal operations are necessary. Incident response management includes processes to stop or contain information asset damage and gather incident data. Acquired data may be utilized during recovery to ascertain damage extent or for criminal prosecution. After responding to an incident, the damaged asset requires restoration and return to normal operation. Recovery may involve exploited weakness determination and, if feasible, subsequent vulnerability removal.