Information Security Incident Management Process

Information Security Incident Management Process. A. Kostina, N. Miloslavskaya, and A. Tolstoy, Proceedings of the 2nd International Conference on Security of Information and Networks, 93-97, 2009. Presented by Anh Nguyen, February 15, 2010.

Presentation Transcript


  1. Information Security Incident Management Process A. Kostina, N. Miloslavskaya, and A. Tolstoy, Proceedings of the 2nd International Conference on Security of Information and Networks, 93-97, 2009 Presented by Anh Nguyen February 15, 2010

  3. Organization
     • Introduction
     • International Documents Regulating IS Incidents and Management
     • IS Event and IS Incident
     • Approach to ISIMP Development
     • VEI Detection and Notification Joint Process
     • Conclusions

  4. Introduction: Why ISIMP?
     • Detect, report and assess IS incidents
     • Respond to IS incidents
     • Learn from IS incidents

  5. Introduction: Why ISIMP?
     • One of the basic parts of ISMS
     • Data obtained from ISIMP can be used in other ISMS’ processes
     • Helps assess the overall level of organization’s IS

  7. International Documents Regulating IS Incidents and Management
     • The Standard ISO/IEC 27001 “Information technology – Security techniques – Information security management systems – Requirements”
     • NIST SP 800-61 “Computer security incident handling guide”
     • CMU/SEI-2004-TR-015 “Defining incident management processes for CSIRT”

  9. IS Event and IS Incident: IS Event
     • IS Event: An identified occurrence of a system, service or network state indicating a possible breach of IS policy or failure of safeguards

  10. IS Event and IS Incident: IS Event (Cont.)

  11. IS Event and IS Incident: IS Incident
     • IS Incident: Is indicated by a single or a series of unwanted or unexpected IS events that have a significant probability of compromising business operations and threatening IS

  12. IS Event and IS Incident: IS Incident (Cont.)

  14. Approach to ISIMP Development: IS Incident Management Policy
     • The importance of IS incident management
     • IS events detection, alerts and notification about IS incidents procedures
     • Summary of activities following the confirmation that an IS event is an IS incident
     • Structure of IS incidents management
     • List of legal acts being used

  15. Approach to ISIMP Development: IS Incidents Management Process
     • Vulnerabilities, IS events and incidents (VEI) detection
     • VEI notification
     • VEI messages processing
     • Reaction to IS incidents
     • IS incidents analysis
     • IS incidents investigation
     • ISIMP efficiency analysis

  16. Approach to ISIMP Development: IS Incidents Management Process (Cont.)

  18. VEI Detection and Notification Joint Process

  19. VEI Detection and Notification Joint Process (Cont.)

  20. VEI Detection and Notification Joint Process (Cont.)

  21. VEI Detection and Notification Joint Process (Cont.)

  22. VEI Detection and Notification Joint Process (Cont.)

  23. VEI Detection and Notification Joint Process (Cont.)

  24. VEI Detection and Notification Joint Process (Cont.)

  25. VEI Detection and Notification Joint Process (Cont.)

  26. VEI Detection and Notification Joint Process (Cont.)

  28. Conclusions
     • Thank you for your time
     • Questions and feedback are welcome
