Creating an ITIL inspired Incident Management approach: Roots, response, and results

Cusick, James; Ma, Gary

doi:10.1109/nomsw.2010.5486589

Cited by 24 publications

(14 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Due to the monetary, operational, and image impact that incident management (IM) process can bring to an organization, it is usually one of the most adopted by organizations (Alshathry, 2016). Plus, it is also a key element for IT support (Cusick & Ma, 2010). However, IM implementation is long, complex, expensive, and often fails (Ghrab, Ketata, Loukil, & Gargouri, 2016).…”

Section: Introductionmentioning

confidence: 99%

An Overlapless Incident Management Maturity Model for Multi-Framework Assessment (ITIL, COBIT, CMMI-SVC)

Aguiar

Pereira

Vasconcelos

et al. 2018

IJIKM

View full text Add to dashboard Cite

Aim/Purpose: This research aims to develop an information technology (IT) maturity model for incident management (IM) process that merges the most known IT frameworks’ practices. Our proposal intends to help organizations overcome the current limitations of multiframework implementation by informing organizations about frameworks’ overlap before their implementation. Background: By previously identifying frameworks’ overlaps it will assist organizations during the multi-framework implementation in order to save resources (human and/or financial). Methodology: The research methodology used is design science research (DSR). Plus, the authors applied semi-structured interviews in seven different organizations to demonstrate and evaluate the proposal. Contribution: This research adds a new and innovative artefact to the body of knowledge. Findings: The proposed maturity model is seen by the practitioners as complete and useful. Plus, this research also reinforces the frameworks’ overlap issue and concludes that some organizations are unaware of their actual IM maturity level; some organizations are unaware that they have implemented practices of other frameworks besides the one that was officially adopted. Recommendations for Practitioners: Practitioners may use this maturity model to assess their IM maturity level before multi-framework implementation. Moreover, practitioners are also incentivized to communicate further requirements to academics regarding multi-framework assessment maturity models. Recommendation for Researchers: Researchers may explore and develop multi-frameworks maturity models for the remaining processes of the main IT frameworks. Impact on Society: This research findings and outcomes are a step forward in the development of a unique overlapless maturity model covering the most known IT frameworks in the market thus helping organizations dealing with the increasing frameworks’ complexity and overlap. Future Research: Overlapless maturity models for the remaining IT framework processes should be explored.

show abstract

Section: Introductionmentioning

confidence: 99%

An Overlapless Incident Management Maturity Model for Multi-Framework Assessment (ITIL, COBIT, CMMI-SVC)

Aguiar

Pereira

Vasconcelos

et al. 2018

IJIKM

View full text Add to dashboard Cite

show abstract

“…Additionally, changes in technology or work processes should initiate a revision of the plans. The use of short and simple plans should hence be further encouraged for information security incident management, which is also suggested by studies of information security incident management by Jaatun et al (2009) and Cusick and Ma (2010).…”

Section: Plans Compliance and Situational Adaptionmentioning

confidence: 99%

“…Creating adequate plans for incident handling: Having a simple, short and common plan for incident management was recommended by Jaatun et al (2009) and Cusick and Ma (2010). This was considered an advantage when present and a need when not present.…”

Section: Information Security Incident Managementmentioning

confidence: 99%

“…Low-impact incidents tend to remain unregistered, although organizations have systems in place for incident tracking (Cusick andMa, 2010, Kurowski andFrings, 2011). Cusick and Ma (2010) stressed the challenge of engineers just including a minimum amount of data in such registrations.…”

Section: Quality Of Incident Registrationsmentioning

confidence: 99%

“…Cusick and Ma (2010) stressed the challenge of engineers just including a minimum amount of data in such registrations. Existing reporting tools used for Health, Safety and Environment (HSE) incidents were poorly suited to reporting of cyber security incidents (Jaatun et al, 2009).…”

Section: Quality Of Incident Registrationsmentioning

confidence: 99%

See 2 more Smart Citations

Examining the suitability of industrial safety management approaches for information security incident management

Line

Albrechtsen

2016

Information &Amp; Computer Security

View full text Add to dashboard Cite

Purpose This paper discusses whether recent theoretical and practical approaches within industrial safety management might be applicable to, and solve challenges experienced in, the field of information security, specifically related to incident management.Design/methodology/approach Literature review. FindingsPrinciples, research, and experiences on the issues of plans, training, and learning in the context of industrial safety management would be suitable for adoption into the field of information security incident management and aid in addressing current challenges. Research limitations/implications (if applicable)There are a number of reasons why approaches from industrial safety management have something to offer to information security incident management: the former field is more mature and has longer traditions, there is more organizational research on industrial safety issues than on information security issues so far, individual awareness is higher for industrial safety risks, and worker participation in systematic industrial safety work is ensured by law. More organizational research on information security issues and continuous strengthening of individual security awareness would push information security to further maturity levels where current challenges are solved. Practical implications (if applicable)This paper shows that the field of information security incident management would gain from closer collaborations with industrial safety management, both in research and in practical loss prevention in organizations. The ideas discussed in this paper form a basis for further research on practical implementations and case studies. Originality/valueThe main audience of this paper includes information security researchers and practitioners, as they will find inspirational theories and experiences to bring into their daily work and future projects.

show abstract

Availability and Notification

Nagels¹

2021

Practical Imaging Informatics

View full text Add to dashboard Cite

Creating an ITIL inspired Incident Management approach: Roots, response, and results

Cited by 24 publications

References 1 publication

An Overlapless Incident Management Maturity Model for Multi-Framework Assessment (ITIL, COBIT, CMMI-SVC)

An Overlapless Incident Management Maturity Model for Multi-Framework Assessment (ITIL, COBIT, CMMI-SVC)

Examining the suitability of industrial safety management approaches for information security incident management

Availability and Notification

Contact Info

Product

Resources

About