DEV Community

Scott Lasica

Incident Response vs. Incident Management

If you found your way to this post, it’s likely because you’re trying to determine what the difference is between incident response and incident management. You may be a new SRE, or you may have switched companies and found that things aren’t treated the same way. The good news is you’ve come to the right place. The bad news is you won’t be leaving with a definitive answer.

Incident response and incident management are defined differently by different organizations around the world. A Google search for “incident response vs incident management” brings up an article from the UK NCSC. In this article, they state:

Incident Management (IM) sits within and across any response process, ensuring all stages are handled. IM deals with any communications, media handling, escalations and any reporting issues, pulling the whole response together, coherently and holistically.

Incident Response (IR) This includes triage, in-depth analysis, technical recovery actions and more.

The above implies that IM is at a higher level, spanning the organization and defining the overall process for handling incidents, while IR defines the actual technical steps taken to contain and resolve the issue.

On the same first page of Google results, I found another definition from the US CISA. This definition states:

This process of identifying, analyzing, and determining an organizational response to computer security incidents is called incident management.

Unfortunately, this reads as the opposite of the prior definition, stating that IM encompasses the technical steps of identifying and analyzing the incident, as well as the “response”, which implies the repair/remediation.

A couple of Google results further down the page is a post from Educause. Here, they say they are the same thing:

Information security incident management programs (sometimes also called information security incident response programs)…

Irrespective of your definition, it’s important to define a clear incident response process with repeatable, consistent steps to be followed in the case of an outage.

Fylamynt can help with the world’s first enterprise-ready low-code platform for building, running and analyzing SRE cloud workflows. With Fylamynt, an SRE can automate the parts of the runbook that are the most time-consuming, allowing them to make decisions where their expertise is needed.

For good practices around IR and IM, take a look at our article What’s a Runbook?
