U.S. Department of Health and Human Services
IT Administrators monitor systems and networks for events, or observable occurrences, which may evolve into an incident. HHS defines an incident as the violation, or an imminent threat of a violation, of an explicit or implied security policy, acceptable use policies, or standard security practices in a computing or telecommunications system or network.
Per NIST SP 800-61 Rev. 1: Computer Security Incident Handling Guide, Incident Management entails:
Detection & Analysis;
Containment, Eradication, and Recovery; and
Page 2 of 12
Operations and Maintenance Phase