Uploaded on Dec 28, 2021
The CISM Certification Online Training Exam Course helps you manage, design & assess enterprise information security and clear ISACA's CISM exam. Enroll now!
ISACA’s CISM Domain 4: Information Security Incident Management
www.infosectrain.com | [email protected]
CISM Domains:
1. Information Security Governance
2. Information Risk Management
3. Information Security Program Development and Management
4. Information Security Incident Management
In this blog, let us discuss the fourth domain of ISACA’s
CISM, Information Security Incident Management.
Before directly jumping into incident management, let us first
discuss what a security incident actually is. Why do security
incidents occur? And then, we will go to the Security Incident
Management process and its best practices. So go through this
blog thoroughly to understand Security Incident Management.
Security Incident:
An information security incident is a successful, attempted, imminent, or
suspected threat of an unauthorized breach, access, destruction, disclosure, or
modification of information.
In simple terms, an incident is an event that compromises the confidentiality,
integrity, and availability of an information asset.
Why do security incidents occur?
There are many reasons why security incidents occur, but here are a few very
common ones:
Social Engineering: Social engineering is a very common attack style used by
many cyber attackers. It is widespread because attackers need to follow only a
few simple steps to get into the target system. For example, they can get into
the target’s system just by creating a convincing malicious email, or just by
physically standing beside the target while they are entering their passwords.
If we are not careful enough when clicking email links and entering passwords
in public places, this may be the biggest reason why incidents occur.
Too many permissions: If you don’t limit who can have access to what in
your organization, you’re giving the hacker the most valuable gift, because if you
give too many irrelevant permissions to all the employees and users, a hacker can
easily masquerade as one of your users and exploit your organization’s
information.
Malware: Malware, both direct and indirect, is becoming more popular. Malware
is defined as harmful software that is installed without the user’s knowledge and
allows a hacker to exploit a system and possibly other linked systems.
So, be wary of visiting websites that aren’t what they appear to be or receiving
emails from someone you don’t know, since these are common ways for malware
to propagate.
Insider threats: “Keep your friends close and your enemies closer” is an apt
motto these days. Rogue employees, disgruntled contractors, or simply those not
bright enough to know better already have access to your data. What would keep
them from stealing it, modifying it, or copying it? I think nothing. So, be aware of
who you are dealing with, act quickly when something goes wrong, and make sure
that every procedure and process is backed up with training.
We can now take a closer look at the definition of Security Incident Management.
Security Incident Management: The process of recognizing, monitoring,
documenting, and evaluating security risks or occurrences in real time is known as
security incident management. It aims to provide a thorough and comprehensive
analysis of any security vulnerabilities that may arise in an IT system. An active
threat, an attempted incursion, a successful penetration, and a data leak are all
examples of security incidents.
Information Security Incident Management process
As the volume and sophistication of cyber threats rise,
organizations must adopt practices that will help them identify,
respond to, and mitigate cyber incidents, become more resilient,
and protect themselves from future attacks.
Managing security incidents uses appliances, software systems,
and human investigators. In general, security incidents are
managed by alerting the incident response team about the
incident. After investigating the incident, incident responders will
assess the damage and develop a mitigation plan.
https://youtu.be/L37UE1J9E_Y
A multifaceted strategy for security incident management must be
implemented to ensure the IT environment is truly secure. According to
ISO/IEC Standard 27035, a security incident should be managed by
following a five-step process:
1. Prepare to deal with incidents in a variety of situations.
2. Through monitoring, identify possible security incidents and report
any instances.
3. Assess the occurrences that have been identified in order to
determine the best next measures for risk mitigation.
4. Contain the incident, investigate it, and come up with a solution
(based on the outcome of step 3).
5. Use every occurrence to learn and document critical
lessons.
Why InfosecTrain?
InfosecTrain allows you to customize your training schedules; our trainers will
provide one-on-one training.
You can hire a trainer from InfosecTrain who will teach you at your own pace.
As ISACA is our premium training partner, our trainers know how much and
what exactly to teach to make you a professional.
One more great part is that you will have access to all our recorded sessions.
That sounds exciting, right? So what are you waiting for? Enroll in our CISM course
and get certified. Here you can get the best CISM domain training.
About InfosecTrain
• Established in 2016, we are one of the finest
Security and Technology Training and
Consulting companies
• Wide range of professional training programs,
certifications & consulting services in the IT
and Cyber Security domain
• High-quality technical services, certifications
or customized training programs curated with
professionals of over 15 years of combined
experience in the domain
Why InfosecTrain
• Global Learning Partners
• Certified and Experienced Instructors
• Flexible modes of Training
• Access to the recorded sessions
• Post training completion
• Tailor Made Training
Contact us
Get your workforce reskilled by our certified and experienced instructors!
IND: 1800-843-7890 (Toll Free) / US: +1 657-221-1127 / UK: +44 7451 208413
[email protected]
www.infosectrain.com