[Cialug] FOSS Incident tracking

Todd E Thomas todd_dsm at ssiresults.com
Mon Dec 12 15:18:24 CST 2011 

Chris, while you're doing testing on VMs, take a look at OTRS 
<http://otrs.org/products/otrs-platform>. It fits the general criteria 
and is something I've been looking at but have not gotten around to it yet.

I think Todd (the other Todd) is right about process. Define it, then 
find a tool to support it, then training should result in a more 
intuitive exorcise.

If you don't want to re-invent the wheel, I believe IEEE has sorted this 
all out and documented the "template" support process; then you can 
diddle with it from a strong base-line. It should be one of the last 
documents in the SDLC series under "application development". Yes, there 
is a /standardized/ method of support too ;)

Anyway, should you try OTRS please let me know how that turns out. The 
reviews are great but I'm sure they are hand-picked by the company. I'd 
be interested in knowing just how flexible it really is.

Since they tout it as "extremely flexible", it should fit the other 
requirement of supporting /your/ process, whatever that should be.


Todd E Thomas
C: 515.778.6913
"It's a frail music knits the world together."
-Robert Dana





On 11/20/2011 09:19 PM, David Champion wrote:
> Tree falling = event. Tree falling on something important = incident. 
> Nobody noticed the incident = problem.
>
> -dc
>
> On Sun, Nov 20, 2011 at 9:11 PM, Todd Walton <tdwalton at gmail.com 
> <mailto:tdwalton at gmail.com>> wrote:
>
>     On Thu, Nov 17, 2011 at 4:36 PM, Josh More <jmore at starmind.org
>     <mailto:jmore at starmind.org>> wrote:
>     > Huh.  In my world, we call those "events".
>     >
>     > An "incident" is,  by definition, an event that has been
>     analyzed and
>     > determined to have a security concern.
>
>     The difference between your definitions and the regular help desk
>     definitions are not as great as they seem.  In help desk land, an
>     event is just something that happened, no matter its significance.  An
>     "incident" is when something has happened that matters, i.e. when it
>     is a failure of the system to provide what it was intended to provide.
>      So, disk space getting down to 20% free might be an event, but if it
>     doesn't cause anyone a problem then it's not an incident.  But if
>     someone tries to access a web service and gets an error, then it's an
>     incident, because it resulted in a failure of the intended operation.
>     Tree falling = event.  Someone hears it = incident.
>
>     That's almost like what it is in the security world, as I understand
>     it.  In help desk land it's the customer who matters.  The customer's
>     experience is what determines the difference between an incident and
>     an event.  In the security world, it's someone else setting the terms.
>      The security officer or someone like that.  They care about different
>     things.  From their perspective, it doesn't matter if documents were
>     lost, unless those documents contained secret information and the
>     information may have been consumed by someone not authorized to do so.
>
>     In both cases, an incident is a violation of the standard.  The help
>     desk version is just a little more open and subjective.
>
>     --
>     Todd
>     _______________________________________________
>     Cialug mailing list
>     Cialug at cialug.org <mailto:Cialug at cialug.org>
>     http://cialug.org/mailman/listinfo/cialug
>
>
>
>
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cialug.org/pipermail/cialug/attachments/20111212/42f09dc3/attachment.html>

More information about the Cialug mailing list