information security incident management process
DESCRIPTION
Information Security Incident Management Process. A. Kostina, N. Miloslavskaya, and A. Tolstoy, Proceedings of the 2nd International Conference on Security of Information and Networks, 93-97, 2009. Presented by Anh Nguyen, February 15, 2010.
TRANSCRIPT
Information Security Incident Management Process
A. Kostina, N. Miloslavskaya, and A. Tolstoy, Proceedings of the 2nd International Conference on Security of Information and Networks, 93-97, 2009
Presented by Anh Nguyen
February 15, 2010
Organization
• Introduction
• International Documents Regulating IS Incidents and Management
• IS Event and IS Incident
• Approach to ISIMP Development
• VEI Detection and Notification Joint Process
• Conclusions
Introduction
Why ISIMP?
• Detect, report and assess IS incidents
• Respond to IS incidents
• Learn from IS incidents
Introduction
Why ISIMP?
• One of the basic parts of ISMS
• Data obtained from ISIMP can be used in other ISMS’ processes
• Helps assess the overall level of organization’s IS
International Documents Regulating IS Incidents and Management
• The Standard ISO/IEC 27001 “Information technology – Security techniques – Information security management systems – Requirements”
• NIST SP 800-61 “Computer security incident handling guide”
• CMU/SEI-2004-TR-015 “Defining incident management processes for CSIRT”
IS Event and IS Incident
IS Event
• IS Event
– An identified occurrence of a system, service or network state indicating a possible breach of IS policy or failure of safeguards
IS Event and IS Incident
IS Incident
• IS Incident
– Is indicated by a single or a series of unwanted or unexpected IS events that have a significant probability of compromising business operations and threatening IS
Approach to ISIMP Development
IS Incident Management Policy
• The importance of IS incident management
• IS events detection, alerts and notification about IS incidents procedures
• Summary of activities following the confirmation that an IS event is an IS incident
• Structure of IS incidents management
• List of legal acts being used
Approach to ISIMP Development
IS Incidents Management Process
• Vulnerabilities, IS events and incidents (VEI) detection
• VEI notification
• VEI messages processing
• Reaction to IS incidents
• IS incidents analysis
• IS incidents investigation
• ISIMP efficiency analysis
VEI Detection and Notification Joint Process
Conclusions
• Thank you for your time
• Questions and feedback are welcome