Problem & Incident Management

This episode of the ISACA Certified Information Systems Auditor (CISA) exam prep series covers problem and incident management. It introduces the key distinction between restoring a disrupted service and eliminating its root cause, walks through the incident lifecycle, explains how abnormal conditions are logged and escalated, and describes the role of the help desk and monitoring tools in keeping operations reliable.

Frequently Asked Questions

What is the difference between problem management and incident management?

Incident management aims to restore normal service as quickly as possible by limiting the damage from a disruption, making it a reactive process. Problem management aims to find the root cause behind one or more incidents so that the underlying issue can be eliminated or contained, thereby cutting the number and severity of future incidents. One limits damage right now while the other hunts the cause to stop the disruption recurring.

What are the steps in the incident management lifecycle?

The incident lifecycle runs through initiation, then classification, then assignment to a specialist, then resolution, and finally closure. Every incident must be prioritised by weighing its impact against its urgency, so that management has rules to determine which issues come first when multiple incidents arrive at the same time. Unresolved items are escalated according to set criteria, and service level agreements often define what resolution timeframes are acceptable.

How should abnormal conditions be logged and escalated?

A log, either automated or manual, captures application, system, operator, network, and hardware errors, with each entry recording the date, a code, the source, a description, and how it was resolved. Anyone should be able to add an entry, but only authorised people may update it, and updates must be traceable. Separation of duties applies at closure, meaning whoever closes an entry should not be the person who opened it, and escalation procedures must name who handles each problem type and which issues are urgent.
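A check an auditor could run against an exported log to test the controls described above, as an added example that is not part of the original article. The record layout, field names, the AUTHORISED list and the sample entries are all constructed for illustration.

```python
# Added example: record layout, user names and entries are constructed assumptions.
REQUIRED = ("date", "code", "source", "description")
AUTHORISED = {"ops_lead", "net_admin"}  # assumed list of people allowed to update entries

LOG = [  # constructed sample entries
    {"id": 1, "date": "2024-03-01", "code": "NET-12", "source": "network",
     "description": "Circuit down", "opened_by": "jsmith",
     "updates": [{"by": "net_admin", "at": "2024-03-01T10:05"}],
     "resolution": "Failed over to backup link", "closed_by": "ops_lead"},
    {"id": 2, "date": "2024-03-02", "code": "APP-07", "source": "application",
     "description": "Batch job abend", "opened_by": "ops_lead",
     "updates": [{"by": "ops_lead", "at": "2024-03-02T02:40"}],
     "resolution": "Job rerun", "closed_by": "ops_lead"},
    {"id": 3, "date": "2024-03-03", "code": "", "source": "hardware",
     "description": "Disk error", "opened_by": "jsmith",
     "updates": [{"by": "temp01", "at": None}],
     "resolution": None, "closed_by": None},
]

def audit_entry(entry):
    """Return the control exceptions found in one log entry."""
    findings = []
    # Each entry must record the date, a code, the source and a description.
    for field in REQUIRED:
        if not entry.get(field):
            findings.append(f"missing {field}")
    # Anyone may open an entry, but updates need an authorised, traceable author.
    for upd in entry.get("updates", []):
        if upd.get("by") not in AUTHORISED:
            findings.append(f"update by unauthorised user {upd.get('by')}")
        if not upd.get("by") or not upd.get("at"):
            findings.append("update not traceable (no user or timestamp)")
    # Closure checks: separation of duties and a recorded resolution.
    closer = entry.get("closed_by")
    if closer:
        if closer == entry.get("opened_by"):
            findings.append("closed by the person who opened it")
        if not entry.get("resolution"):
            findings.append("closed without a recorded resolution")
    return findings

def audit_log(log):
    """Map entry id to findings, listing only entries with exceptions."""
    return {e["id"]: f for e in log if (f := audit_entry(e))}

if __name__ == "__main__":
    for entry_id, findings in audit_log(LOG).items():
        print(entry_id, findings)
```
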

What monitoring tools help manage problems and incidents?

Response time reports show how long the system takes to answer a user, with management tracking the average, best, and worst values. Downtime reports track when lines and circuits are unavailable, prompting decisions about adding capacity or switching to dedicated links. Online monitors check that transmissions are accurate and not lost or duplicated, network monitors show node status in real time, and protocol analysers attach to a link and report the traffic flowing across it.

Reference: This article is based on concepts discussed in Problem & Incident Management.