Grab the Learning Bonanza with up to 50% OFF on Combo Courses + Buy 1 Get 4* FREE on All Courses*
Grab the Learning Bonanza with up to 50% OFF on Combo Courses + Buy 1 Get 4* FREE on All Courses*

ISACA’s CISM Domain 4: Information Security Incident Management

CISM Domain 4

CISM Domains:

  1. Information Security Governance
  2. Information Risk Management
  3. Information Security Program Development and Management
  4. Information Security Incident Management

In this blog, let us discuss the fourth domain of ISACA’s CISM, Information Security Incident Management.

Before directly jumping into incident management, let us first discuss what a security incident actually is. Why do security incidents occur? And then, we will go to the Security Incident Management process and its best practices. So go through this blog thoroughly to understand Security Incident Management.

Security Incident:

An information security incident is a successful, attempted, imminent, or suspected threat of an unauthorized breach, access, destruction, disclosure, or modification of information.

In simple terms, an incident is an event that compromises the confidentiality, integrity, and availability of an information asset.

Why do security incidents occur?

There are many reasons why security incidents occur, but here are a few very common ones:

Social Engineering: Social Engineering is a very common attack style used by many cyber attackers. Social Engineering is a widespread technique because attackers need to follow a few simple steps to get into the target system. Let’s say they can get into the target’s system just by creating a convincing malicious email. Or just by physically standing beside the target when they are entering their passwords. And if we are not careful enough when clicking email links and entering passwords in public places, this may be the biggest reason why incidents occur.

Too many permissions: If you don’t limit who can have access to what in your organization, you’re giving the hacker the most valuable gift. Because if you give too many irrelevant permissions to all the employees and users, a hacker can easily mask himself as one of your users and exploit your organization’s information.

Malware: Malware, both direct and indirect, is becoming more popular. Malware is defined as harmful software installed without the user’s knowledge and allows a hacker to exploit a system and maybe other linked systems.

So, be aware of visiting websites that aren’t what they appear to be or receiving emails from someone you don’t know, since these are common ways for malware to propagate.

Insider threats: “Keep your friends close and your enemies closer” is an apt motto these days. Rogue employees, disgruntled contractors, or simply those not bright enough to know better already have access to your data. What would keep them from stealing it, modifying it, or copying it? I think nothing. So, be aware of who you are dealing with, act quickly when something goes wrong, and make sure that every procedure and process is backed up with training.

We can now take a closer look at the definition of Security Incident Management.

Security Incident Management: The process of recognizing, monitoring, documenting, and evaluating security risks or occurrences in real-time is known as security incident management. It aims to provide a thorough and comprehensive analysis of any security vulnerabilities that may arise in an IT system. An active threat, an attempted incursion, a successful penetration, and a data leak are all examples of security incidents.


Information Security Incident Management process

As the volume and sophistication of cyber threats rise, organizations must adopt practices that will help them identify, respond to, and mitigate cyber incidents, become more resilient, and protect themselves from future attacks.

Managing security incidents uses appliances, software systems, and human investigators. In general, security incidents are managed by alerting the incident response team about the incident. After investigating the incident, incident responders will assess the damage and develop a mitigation plan.


A multifaceted strategy for security incident management must be implemented to ensure the IT environment is truly secure. According to ISO/IEC Standard 27035, a security incident should be managed by following a five-step process:

  • Prepare to trade in a variety of situations.
  • Through monitoring, identify possible security incidents and report any instances.
  • Assess the occurrences that have been identified in order to determine the best next measures for risk mitigation.
  • Contain the incident, investigate it, and come up with a solution (based on the outcome of step 3).
  • Every occurrence should be used to learn and document critical lessons.

Why InfosecTrain?

  • InfosecTrain allows you to customize your training schedules; our trainers will provide one-on-one training.
  • You can hire a trainer from Infosec Train who will teach you at your own pace.
  • As ISACA is our premium training partner, our trainers know how much and what exactly to teach to make you a professional.
  • One more great part is that you will have access to all our recorded sessions.


That sounds exciting, right? So what are you waiting for? Enroll in our CISM course and get certified. Here you can get the best CISM domain training.

Yamuna Karumuri ( )
Content Writer
Yamuna Karumuri is a graduate in computer science. She likes to learn new things and enjoys spreading her knowledge through blogs. She is currently working as a content writer with Infosec Train.
CISA QA Session for Aspiring Auditors