Abstract
Incident response is the process of responding to and handling security-related incidents involving information and communications technology (ICT) infrastructure and data. Incident response has traditionally been reactive in nature, focusing mainly on technical issues. This paper presents the Incident Response Management (IRMA) method, which combines traditional incident response with proactive learning and socio-technical perspectives. The IRMA method is targeted at integrated operations within the petroleum industry, but it is also applicable to other industries that rely on process control systems.
