ISSUES OF IMPROVING THE PROCESSES OF DETECTION AND PROCESSING OF INFORMATION SECURITY EVENTS AND INCIDENTS
Abstract
Timely detection of events and processing of possible information security (IS) incidents is an especially pressing issue under conditions of information warfare and military aggression.
The article notes the special relevance of creating IS monitoring systems to solve tasks in the work process of companies that are actively expanding their arsenal of security tools to ensure information security at critical infrastructure facilities.
The article explains the substance of the methods for responding to IS events and incidents and for processing them, for improving the detection and processing of IS events and incidents, and for supporting the effective operation of IS event monitoring systems.
It examines the sequence of event and incident processing operations carried out within the IS incident management process, using a two-stage algorithm: a first assessment that yields a preliminary decision on the event, and a second assessment that confirms or rejects it as a possible information security incident.
Particular attention is drawn to the fact that in the process of analyzing the potential or actual negative impact, it is necessary to confirm what consequences occurred for the organization's business as a result of the IS incident.
Practical recommendations are provided for improving event detection and IS incident processing and for supporting the effective operation of IS event monitoring systems, in particular the following measures: proper organization of the IS incident management process, which involves developing and implementing IS incident management policies and procedures and training the personnel who will be responsible for detecting and responding to IS incidents; deployment of IS monitoring systems capable of detecting a wide range of IS events and incidents and of processing the detected events and incidents effectively; creation of an effective IS incident response algorithm that defines the order of actions to be performed to deal with detected IS events and incidents; and regular exercises and training on IS incident detection and response, which help staff acquire the knowledge and skills needed to detect and respond to IS incidents effectively.
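To make the two-stage scheme described above concrete, the following is an added example (not code from the article or its authors) of a minimal event processing and correlation pipeline: a first assessment gives each event a preliminary verdict in isolation, and a second assessment correlates the suspicious events with their context to confirm an incident and record what consequence actually occurred. The event format, the thresholds, the correlation rule (repeated failed logins followed by a successful one from the same source and account) and the list of critical assets are all assumptions chosen for illustration.

```python
"""Two-stage IS event triage: hypothetical illustration of the first/second
assessment idea, not the authors' algorithm."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample events (not real telemetry); "ts" is seconds since start.
SAMPLE_EVENTS = [
    {"ts": 0,  "src": "10.0.0.5", "user": "alice", "type": "auth_fail"},
    {"ts": 5,  "src": "10.0.0.5", "user": "alice", "type": "auth_fail"},
    {"ts": 9,  "src": "10.0.0.5", "user": "alice", "type": "auth_fail"},
    {"ts": 12, "src": "10.0.0.5", "user": "alice", "type": "auth_ok"},
    {"ts": 20, "src": "10.0.0.5", "user": "alice", "type": "read", "asset": "hr-db"},
    {"ts": 30, "src": "10.0.0.9", "user": "bob",   "type": "auth_fail"},
    {"ts": 31, "src": "10.0.0.9", "user": "bob",   "type": "auth_ok"},
    {"ts": 40, "src": "10.0.0.7", "user": "carol", "type": "heartbeat"},
]

# Assumed classification tables for the first assessment.
NOISE = {"heartbeat"}            # events that never need analyst attention
SUSPICIOUS = {"auth_fail"}       # events that may indicate an incident
CRITICAL_ASSETS = {"hr-db"}      # assets whose access counts as business impact


@dataclass
class Incident:
    src: str
    user: str
    evidence: List[dict]   # the correlated events that justify confirmation
    impact: str            # consequence for the business, per stage two


def first_assessment(event: dict) -> str:
    """Stage 1: preliminary decision on a single event, seen in isolation.

    Returns 'noise' (discard), 'suspicious' (candidate for correlation) or
    'context' (kept so stage 2 can assess follow-on activity and impact)."""
    if event["type"] in NOISE:
        return "noise"
    if event["type"] in SUSPICIOUS:
        return "suspicious"
    return "context"


def assess_impact(follow_on: List[dict]) -> str:
    """Derive the actual consequence from what happened after the suspicious
    login, instead of assuming impact from the alert alone."""
    for e in follow_on:
        if e["type"] == "read" and e.get("asset") in CRITICAL_ASSETS:
            return f"confidentiality: {e['asset']} read after suspicious login"
    return "no business impact confirmed"


def second_assessment(events: List[dict], fail_threshold: int = 3,
                      window: int = 60) -> List[Incident]:
    """Stage 2: correlate suspicious events with context per (source, user).

    Hypothetical confirmation rule: at least `fail_threshold` failed logins
    within `window` seconds followed by a successful login for the same pair."""
    by_key: Dict[Tuple[str, str], List[dict]] = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if first_assessment(e) != "noise":
            by_key[(e["src"], e["user"])].append(e)

    incidents: List[Incident] = []
    for (src, user), seq in by_key.items():
        fails: List[dict] = []
        for i, e in enumerate(seq):
            # keep only failures still inside the correlation window
            fails = [f for f in fails if e["ts"] - f["ts"] <= window]
            if e["type"] == "auth_fail":
                fails.append(e)
            elif e["type"] == "auth_ok":
                if len(fails) >= fail_threshold:
                    impact = assess_impact(seq[i + 1:])
                    incidents.append(Incident(src, user, fails + [e], impact))
                fails = []   # a successful login ends the current burst
    return incidents


if __name__ == "__main__":
    for inc in second_assessment(SAMPLE_EVENTS):
        print(f"confirmed incident: {inc.user}@{inc.src}, "
              f"{len(inc.evidence)} correlated events, impact: {inc.impact}")
```

With the constructed input, only alice's login burst is confirmed, and its impact field records the read of the critical asset that followed; bob's single failure never reaches the threshold, and carol's heartbeat is discarded at stage one. Lowering `fail_threshold` shows the trade-off the article's second assessment addresses: more preliminary detections become confirmed incidents, but many of them carry no confirmed business impact.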
Keywords: threat source, IS events and incidents, IS incident response process, event monitoring system, IS incident management system, event processing and correlation systems.
Copyright (c) 2024 Сергій Гордієнко, Олена Кобус

This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).