Date of Original Version



Technical Report

Abstract or Description

An incident management (IM) function is responsible for performing the broad range of activities associated with managing computer security events and incidents. For many years, the Software Engineering Institute’s (SEI) CERT Division has developed practices for building and sustaining IM functions in government and industry organizations worldwide. Based on their field experiences over the years, CERT researchers identified a community need for a time-efficient means of assessing an IM function. The Mission Risk Diagnostic for Incident Management Capabilities (MRD-IMC) is designed to address this need. The MRD-IMC is a risk-based approach for assessing the extent to which an IM function is in position to achieve its mission and objectives. Analysts applying the MRD-IMC evaluate a set of systemic risk factors (called drivers) to aggregate decision-making data and provide decision makers with a benchmark of an IM function’s current state. The resulting gap between the current and desired states points to specific areas where additional investment is warranted. The MRD-IMC can be viewed as a first-pass screening (i.e., a “health check”) or high-level diagnosis of conditions that enable and impede the successful completion of the IM function’s mission and objectives. This technical note provides an overview of the MRD-IMC method.