BRIMM
Business Risk Incident Management Model
Following years of research and extensive implementation in ‘real world’ scenarios POC Management Ltd (POC) have devised a Business Risk Incident Management Model (BRIMM) that allows organisations to take a structured approach when managing security incident risks.
Our experience has shown that organisations often take a piece-meal approach to managing security incidents but this does not allow them to utilise their resources effectively. By adopting the Business Risk Incident Management Model framework organisations will be ensuring it integrates into existing processes and organisational structures to enable critical business functions to continue operating with minimal disruption. This should strengthen and improve the credibility and capability of the organisation to effectively manage incidents thereby protecting assets and business reputation.
The Business Risk Incident Management Model is comprised of six key elements. The introduction of any of these elements as a single entity can be useful in the fight against fraud or inappropriate behaviour but are they are most effective when integrated into our innovative framework. The BRIMM elements are as follows:
- Incident Management Framework
- Business Intelligence Unit
- Tasking & Co-ordination Groups
- Investigation Management
- Training and Awareness
- Audit Framework
The BRIMM is a set of processes allowing organisations to gather and manage information in order to make the most effective use of resources. It provides a framework for the effective management of incidents to ensure that existing resources within the organisation are at their optimum level to achieve the best possible results. It is structured through various means and emphasises three key factors:
- Priorities
- Resources
- Results
Originally the Model was adapted from the National Intelligence Model (NIM), which is the cornerstone of all UK law enforcement agency operations, and it breaks down all inappropriate activity into three tier levels. The NIM grades/levels have been converted to fit varying client business areas that each uniquely operate within, yet making sure that the fundamentals of the model are not lost in corporate translation.