Incident management (IM) is a necessary part of a security program. When
effective, it mitigates business impact, identifies weaknesses in controls,
and helps fine-tune response processes. Traditional IM approaches, however,
are not always effective in a partially or completely virtualized data
center. Consequently, some aspects of incident management and response
processes require review and adjustment as an increasing number of critical
systems move to virtual servers.
For our discussion of IM, virtualization is defined as the abstraction of
logical servers from underlying hardware resources. This is not always the
case, but it is a good starting point.
Why an IM Review is Important
Some organizations are eager to implement virtualization to quickly gain
associated cost and flexibility advantages. In my experience, this rush to a
virtualized data center assumes th... (more)