To manage incidents effectively using Genetec Mission Control™, it is recommended to understand the existing system and to evaluate the current challenges.
Considerations for incident configuration
To evaluate the scope of the problems to be solved, establish effective incident management user procedures, and design automation workflows for incident resolution, you must ask the following questions:
- What types of incidents need to be handled?
- What are the most frequent incidents?
- Do they include system-generated events, such as Access denied events and so on?
- Do they include non-system-generated events?
For example: public demonstrations and so on.
- What types of alarms need to be handled?
- What are the most frequent alarms?
- What are the most frequent alarms used for?
- What are the challenges with false alarms?
- Are false alarms too numerous?
- What physical security systems are currently in place?
- Do they include access control units?
- How is intrusion detected? Are there third-party systems in place for intrusion detection?
- What are the other security systems currently in place?
- Do events from third-party applications need to be used with the Mission Control Rules Engine?
For example, results of external analytic software as triggers for incidents and so on?
- Are there user procedures in place?
- How are the existing user procedures managed?
- Are there incidents that require collaboration from multiple teams?
- Do incident resolution procedures need to be monitored by a supervisor?
- What actions are taken to resolve an incident?
For example: incident investigation, notification, documentation and so on.
- Are there documents associated with alarms, events or incidents?
For example: emergency contact information, contact information for maintenance procedures, security teams, and so on.
- Are the users of the system role-based? Do user procedures require flow of control from one user to another?
- Are incident reports currently generated? What aspects of an incident are deemed imperative to have in an incident report?
- How is incident response efficiency currently measured?