Major Incident Management Process

25.10.2019

What Are the Main Steps in Major Incident Management Process?

Below are the four steps in the major incident response management process:

Step 1: Identification of the Major Incident

Identifying the major incident is the first step. Identification takes place based on certain rules that may be defined in company security policy. A major incident can have several attributes such as the range of computers it affects or the specific amount of loss it incurs.

Step 2: Communication and Collaboration

Once the major incident is identified, it is imperative to inform and involve all stakeholders, including business partners, customers, users, and any associated third-party vendor. Communication can take place verbally within the organization, or through emails, faxes, or short handwritten notices. Moreover, communication and collaboration between SOC teams and incident responders are crucial to prepare a collective, powerful response against the major incident.

Step 3: Resolving the Major Incident

Resolving the major incident is one of the crucial steps: it involves resolving the incident itself together with all of its associated child incidents.

Step 4: Post Incident Review

It is also important to conduct a review of each major incident. Doing so helps you understand the security loopholes and vulnerabilities that attackers used to penetrate your corporate network. Based on the review, incident responders should fix those vulnerabilities and enhance the system with multilayer security, which should involve firewalls, IDS, IPS, a SIEM system, and a SOAR solution.

What Are the Prerequisites for an Effective Major Incident Management Process?

Organizations must have an efficient and effective major incident response process. To this end, they should meet the following requirements:

  • Ensure that all stakeholders are informed about degradations, service interruptions, and resolutions.
  • Ensure that your company has a reliable Computer Security Incident Response Team (CSIRT) or incident responders who can effectively deal with major incidents.
  • Ensure that the incident responders mitigate the impact of the major incident and restore critical services and business operations as soon as possible.
  • Raise a problem record for the root cause analysis.
  • Document the major incident.

Undoubtedly, major incidents are worrisome signs that can lead to the biggest data breaches, reputational losses, and large financial losses, both from noncompliance penalties and during the incident remediation process. However, effective security measures can save your company from a big nightmare. For this purpose, you need to use multilayer security, such as installing firewalls and SIEM and/or SOAR solutions.