[Cialug] FOSS Incident tracking
Todd E Thomas
todd_dsm at ssiresults.com
Mon Dec 12 15:18:24 CST 2011
Chris, while you're doing testing on VMs, take a look at OTRS
<http://otrs.org/products/otrs-platform>. It fits the general criteria
and is something I've been looking at but have not gotten around to it yet.
I think Todd (the other Todd) is right about process. Define it, then
find a tool to support it, then training should result in a more
intuitive exorcise.
If you don't want to re-invent the wheel, I believe IEEE has sorted this
all out and documented the "template" support process; then you can
diddle with it from a strong base-line. It should be one of the last
documents in the SDLC series under "application development". Yes, there
is a /standardized/ method of support too ;)
Anyway, should you try OTRS please let me know how that turns out. The
reviews are great but I'm sure they are hand-picked by the company. I'd
be interested in knowing just how flexible it really is.
Since they tout it as "extremely flexible", it should fit the other
requirement of supporting /your/ process, whatever that should be.
Todd E Thomas
C: 515.778.6913
"It's a frail music knits the world together."
-Robert Dana
On 11/20/2011 09:19 PM, David Champion wrote:
> Tree falling = event. Tree falling on something important = incident.
> Nobody noticed the incident = problem.
>
> -dc
>
> On Sun, Nov 20, 2011 at 9:11 PM, Todd Walton <tdwalton at gmail.com
> <mailto:tdwalton at gmail.com>> wrote:
>
> On Thu, Nov 17, 2011 at 4:36 PM, Josh More <jmore at starmind.org
> <mailto:jmore at starmind.org>> wrote:
> > Huh. In my world, we call those "events".
> >
> > An "incident" is, by definition, an event that has been
> analyzed and
> > determined to have a security concern.
>
> The difference between your definitions and the regular help desk
> definitions are not as great as they seem. In help desk land, an
> event is just something that happened, no matter its significance. An
> "incident" is when something has happened that matters, i.e. when it
> is a failure of the system to provide what it was intended to provide.
> So, disk space getting down to 20% free might be an event, but if it
> doesn't cause anyone a problem then it's not an incident. But if
> someone tries to access a web service and gets an error, then it's an
> incident, because it resulted in a failure of the intended operation.
> Tree falling = event. Someone hears it = incident.
>
> That's almost like what it is in the security world, as I understand
> it. In help desk land it's the customer who matters. The customer's
> experience is what determines the difference between an incident and
> an event. In the security world, it's someone else setting the terms.
> The security officer or someone like that. They care about different
> things. From their perspective, it doesn't matter if documents were
> lost, unless those documents contained secret information and the
> information may have been consumed by someone not authorized to do so.
>
> In both cases, an incident is a violation of the standard. The help
> desk version is just a little more open and subjective.
>
> --
> Todd
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org <mailto:Cialug at cialug.org>
> http://cialug.org/mailman/listinfo/cialug
>
>
>
>
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cialug.org/pipermail/cialug/attachments/20111212/42f09dc3/attachment.html>
More information about the Cialug
mailing list