Anastasia Iakovleva, M. Zhukova, Tatyana Strekaleva
Title: Information Security Incident Handling Regulation
DOI: 10.1109/SmartIndustryCon57312.2023.10110721 (https://doi.org/10.1109/SmartIndustryCon57312.2023.10110721)
Published in: 2023 International Russian Smart Industry Conference (SmartIndustryCon), 2023-03-27
The article addresses the problem of cyber fatigue among the specialists who investigate information security incidents. The cause of the problem is the growing number of warnings and events that a protection system generates and logs every day. This volume of information is processed with automation tools; nevertheless, it cannot be handled without human participation. The essence of the issue is that specialists have no common algorithm for conducting investigations and no roadmap for building a timeline of events. Therefore, the existing approach to incident handling must be changed and supplemented by unifying the process of identifying the stages of development of a computer incident during an investigation. To do this, the paper studies the question of algorithmization and describes typical approaches to handling information security incidents. We propose an algorithm for processing an information security incident that yields information about the point of access to the system, the development of the incident within the system, and the general profile of the attacker. In addition, the algorithm is expected to be usable for educational purposes: to train specialists who work with incidents and to form and develop basic practical skills through a case-oriented approach.