An Introduction to the Mission Risk Diagnostic for Incident Management Capabilities (MRD-IMC)
An incident management (IM) function is responsible for performing the broad range of activities associated with managing computer security events and incidents. For many years, the Software Engineering Institute's (SEI) CERT Division has developed practices for building and sustaining IM func...
Main authors: | , , , |
---|---|
Format: | Report |
Language: | eng |
Subjects: | |
Online access: | Order full text |
Summary: | An incident management (IM) function is responsible for performing the broad range of activities associated with managing computer security events and incidents. For many years, the Software Engineering Institute's (SEI) CERT Division has developed practices for building and sustaining IM functions in government and industry organizations worldwide. Based on their field experiences over the years, CERT researchers identified a community need for a time-efficient means of assessing an IM function. The Mission Risk Diagnostic for Incident Management Capabilities (MRD-IMC) is designed to address this need. The MRD-IMC is a risk-based approach for assessing the extent to which an IM function is in position to achieve its mission and objectives. Analysts applying the MRD-IMC evaluate a set of systemic risk factors (called drivers) to aggregate decision-making data and provide decision makers with a benchmark of an IM function's current state. The resulting gap between the current and desired states points to specific areas where additional investment is warranted. The MRD-IMC can be viewed as a first-pass screening (i.e., a health check) or high-level diagnosis of conditions that enable and impede the successful completion of the IM function's mission and objectives. This technical note provides an overview of the MRD-IMC method. |
---|