Problem and Incident Management


Time
7 hours 15 minutes
Difficulty
Intermediate
CEU/CPE
8
Video Transcription
00:00
>> Hi there, and welcome to our next lesson,
00:00
problem and incident management.
00:00
In this lesson, we'll talk about problem management.
00:00
We'll talk about incident management
00:00
and the differences between the two.
00:00
Some of the activities related to each,
00:00
the details that need to be recorded,
00:00
some of the control handling requirements,
00:00
the problem and incident management elements,
00:00
and some of the auditing elements
00:00
and the issues that you'll face as an auditor.
00:00
So let's begin.
00:00
Problem management is basically learning through
00:00
the investigation and in-depth
00:00
analysis of one or more similar incidents.
00:00
It's learning from the issues that arise,
00:00
and it's learning and making sure that
00:00
we understand exactly what's
00:00
happening and why it's happening,
00:00
and how we can improve
00:00
the situation moving forward in the future.
00:00
A couple of aspects of problem management.
00:00
Once the root cause is identified,
00:00
so in other words, the cause of the problem,
00:00
it becomes a known problem.
00:00
At that point, then workarounds can be developed.
00:00
If we know what's causing it,
00:00
we can know a way to work around the particular problem.
00:00
Then the problems get added to the known error database.
00:00
That's essentially a record of what we
00:00
know about the system, with some
00:00
of the issues that we know about it.
00:00
Now, incident management is a little bit different.
00:00
It's related to problem management,
00:00
but it's got some different methods and objectives.
00:00
Problem management objectives are to
00:00
reduce the number and severity of the incidents.
00:00
Incident management is to return the affected
00:00
business process back to
00:00
the normal state as quickly as possible.
00:00
While an incident could be a problem,
00:00
a problem is not necessarily
00:00
an incident and the focus is very different.
00:00
An incident we need to fix,
00:00
a problem we need to understand,
00:00
I guess is a very short way to look at it.
00:00
In terms of incident management,
00:00
it's one of the critical processes
00:00
in IT service management,
00:00
which we've covered in a previous lesson.
00:00
It also requires prioritization,
00:00
so not all incidents will be created equal.
00:00
Some incidents might affect one person,
00:00
some incidents may affect the entire organization,
00:00
and that leads to criteria
00:00
that need to be established for escalation.
00:00
We need to have an understanding of exactly where this
00:00
sits in terms of the impact on the business objectives.
00:00
Now, in terms of detection,
00:00
documentation, control resolution, reporting,
00:00
these are aspects that need to be
00:00
involved with problem and incident management.
00:00
A mechanism needs to exist so that
00:00
we can document abnormal conditions.
00:00
Sometimes that might be basically a case of
00:00
just some logging information or it could be
00:00
some more formal incident management
00:00
or a problem management process.
00:00
A couple of things that need to be covered here.
00:00
We need to look at application errors.
00:00
That's basically anytime the application
00:00
doesn't function as the way it's intended to,
00:00
any system errors which might be impacting larger than
00:00
just an individual application but across
00:00
the entire system, any operator errors.
00:00
If the user makes a mistake,
00:00
why did they make a mistake?
00:00
Is it something to do with
00:00
user error or is it something to do with
00:00
the system that the operator
00:00
was unaware of or couldn't help?
00:00
Network errors, so any problems with the network itself,
00:00
telecommunication and obviously hardware errors as well.
00:00
A few of the details to record.
00:00
The date and time when it happened,
00:00
any error codes related to it which could be
00:00
relevant to the system or the application itself.
00:00
A description of what the error is,
00:00
what was the source of the error, so
00:00
this could be the application or the hardware,
00:00
a status code with a problem resolution.
00:00
So is it currently open, closed, or pending?
00:00
What's the life cycle of the problem resolution?
00:00
Narrative of every error resolution status,
00:00
so some text that describes what's happening.
00:00
The personnel responsible for
00:00
handling and interacting with this error.
00:00
Now, control handling so there should be
00:00
some restrictions around the access
00:00
and update to the error logs.
00:00
We need to ensure that this is maintained
00:00
securely and is accessible
00:00
only to the appropriate individuals.
00:00
Maintenance and monitoring processes,
00:00
so these need to be basically managed and reported upon.
00:00
The escalation procedures.
00:00
Any communications, so
00:00
in terms of incidents or problems,
00:00
how they are communicated to
00:00
the business and potentially seriously
00:00
enough outside of the business and
00:00
documentation on how this process will work.
00:00
Now, a couple of problem and incident management elements.
00:00
One key is the support or help desk.
00:00
There needs to be a place that users can
00:00
contact in the event of something going wrong.
00:00
Network management tools,
00:00
so things such as response time reports,
00:00
downtime reports, online monitoring, network monitoring,
00:00
any network protocol analyzers or something
00:00
like Simple Network Management Protocol (SNMP).
00:00
These can all provide
00:00
valuable information which can be fed into this process.
00:00
Now, as an auditor, a few of
00:00
the elements that you'll need to be aware of.
00:00
Obviously, with errors and problems,
00:00
interviews with IS operations personnel
00:00
is one of the key artifacts that you'd be looking at.
00:00
So the people who are actually dealing with a problem
00:00
and they can tell you exactly how it happened,
00:00
what happened, and what their experiences are.
00:00
Any procedures and documentation
00:00
that's supporting this process,
00:00
any performance records, outstanding error logs,
00:00
and obviously, the help desk call logs
00:00
are all valuable information.
00:00
So that's the end of our lesson.
00:00
We've covered problem and incident management,
00:00
a little bit of the differences between the two,
00:00
some of the activities surrounding these events,
00:00
the details that need to be recorded,
00:00
so problem and incident management elements
00:00
and auditing elements.
00:00
That's the end of our lesson
00:00
and we'll see you at the next one.