Abstract: A computer security event monitoring system comprising a trigger for generating a security event alert when a security event occurs and an event manager responsive to the generation of a security event alert. The alert is converted to an incident record by the event manager. The incident record is stored in a storage means and forwarded to an event reaction means for investigation of a reaction to the security event.