Information Security Incident Management Process A. Kostina, N. Miloslavskaya, and A. Tolstoy, Proceedings of the 2nd International Conference on Security of Information and Networks, 93-97, 2009 Presented by Anh Nguyen February 15, 2010
Organization Introduction International Documents Regulating IS Incidents and Management IS Event and IS Incident Approach to ISIMP Development VEI Detection and Notification Joint Process Conclusions 2
Organization Introduction International Documents Regulating IS Incidents and Management IS Event and IS Incident Approach to ISIMP Development VEI Detection and Notification Joint Process Conclusions
Introduction Why ISIMP? Detect, report and assess IS incidents Respond to IS incidents Learn from IS incidents
Introduction Why ISIMP? One of the basic parts of ISMS Data obtained from ISIMP can be used in other ISMS’ processes Helps assess the overall level of organization’s IS
Organization Introduction International Documents Regulating IS Incidents and Management IS Event and IS Incident Approach to ISIMP Development VEI Detection and Notification Joint Process Conclusions 6
International Documents Regulating IS Incidents and Management The Standard ISO/IEC 27001 “Information technology – Security techniques – Information security management systems – Requirements” NIST SP 800-61 <<Computer security incident handling guide>> CMU/SEI-2004-TR-015 <<Defining incident management processes for CSIRT>>
Organization Introduction International Documents Regulating IS Incidents and Management IS Event and IS Incident Approach to ISIMP Development VEI Detection and Notification Joint Process Conclusions 8
IS Event and IS Incident IS Event An identified occurrence of a system, service or network state indicating a possible breach of IS policy or failure of safeguards
IS Event and IS Incident IS Event (Cont.)
IS Event and IS Incident IS Incident Is indicated by a single or a series of unwanted or unexpected IS events that have a significant probability of compromising business operations and threatening IS
IS Event and IS Incident IS Incident (Cont.)
Organization Introduction International Documents Regulating IS Incidents and Management IS Event and IS Incident Approach to ISIMP Development VEI Detection and Notification Joint Process Conclusions 13
Approach to ISIMP Development IS Incident Management Policy The importance of IS incident management IS events detection, alerts and notification about IS incidents procedures Summary of activities following the confirmation that an IS event is an IS incident Structure of IS incidents management List of legal acts being used
Approach to ISIMP Development IS Incidents Management Process Vulnerabilities, IS events and incidents (VEI) detection VEI notification VEI messages processing Reaction to IS incidents IS incidents analysis IS incidents investigation ISIMP efficiency analysis
Approach to ISIMP Development IS Incidents Management Process (Cont.)
Organization Introduction International Documents Regulating IS Incidents and Management IS Event and IS Incident Approach to ISIMP Development VEI Detection and Notification Joint Process Conclusions 17
VEI Detection and Notification Joint Process
VEI Detection and Notification Joint Process (Cont.)
VEI Detection and Notification Joint Process (Cont.)
VEI Detection and Notification Joint Process (Cont)
VEI Detection and Notification Joint Process (Cont)
VEI Detection and Notification Joint Process (Cont)
VEI Detection and Notification Joint Process (Cont)
VEI Detection and Notification Joint Process (Cont)
VEI Detection and Notification Joint Process (Cont)
Organization Introduction International Documents Regulating IS Incidents and Management IS Event and IS Incident Approach to ISIMP Development VEI Detection and Notification Joint Process Conclusions 27
Conclusions Thank you for your time Questions and feedback are welcome