Herald of Dagestan State Technical University. Technical Sciences

Organization of response to information security incidents

https://doi.org/10.21822/2073-6185-2023-50-4-148-157

Abstract

Objective. To develop practical recommendations for building an effective information security incident response system.

Method. The article analyses existing methods and tools for detecting and analysing information security incidents, and studies the consequences of such incidents and their impact on the operation of a company or organization.

Result. A set of practical recommendations for building an effective information security incident response system was developed. The analysis of existing detection and analysis methods and tools identified the most effective and most readily adapted approaches; these cover both technical detection means and rapid incident response processes. The recommendations take into account the characteristics of companies and organizations in various industries and are also intended for use by people without deep knowledge of information security. They include clear step-by-step instructions, resources and tips that allow companies to put the proposed measures into practice with little effort.

Conclusion. Building an effective information security incident response system is critically important for companies and organizations, which face a growing number of cyber-attacks and threats to information security. Such a system is an integral part of a successful business strategy. The developed practical recommendations have the potential to significantly reduce information security risks and damage, even for companies and organizations with no prior experience in this field. They address not only technical aspects but also organizational measures that ensure timely detection, analysis and response to incidents.

About the Authors

D. O. Trofimov
Financial University under the government of Russian Federation
Russian Federation

Daniil O. Trofimov - Student in the training programme “Information security of automated banking systems”.

49 Leningradsky Ave., Moscow 125993



M. S. Shepelev
Financial University under the government of Russian Federation
Russian Federation

Matvey S. Shepelev - Student in the training programme “Information security of automated banking systems”.

49 Leningradsky Ave., Moscow 125993



S. A. Reznichenko
Financial University under the government of Russian Federation; National Research Nuclear University “MEPhI” (Moscow Engineering Physics Institute); Russian State University for the Humanities
Russian Federation

Sergey A. Reznichenko - Cand. Sci. (Eng.), Assoc. Prof.

49 Leningradsky Ave., Moscow 125993; 31 Kashirskoe highway, Moscow 115409; 36 Miusskaya Square, Moscow 125047





For citation:


Trofimov D.O., Shepelev M.S., Reznichenko S.A. Organization of response to information security incidents. Herald of Dagestan State Technical University. Technical Sciences. 2023;50(4):148-157. (In Russ.) https://doi.org/10.21822/2073-6185-2023-50-4-148-157

This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 2073-6185 (Print)
ISSN 2542-095X (Online)