
Herald of Dagestan State Technical University. Technical Sciences


Information security incident management and analysis service

https://doi.org/10.21822/2073-6185-2025-52-2-74-80

Abstract

Objective. The paper considers the design and development of a service that automates the management and analysis of information security incidents at a metallurgical enterprise. The main stages and actions of incident management at the enterprise are examined and described.

Methods. A software service that automates the monitoring, evaluation and analysis of undesirable and unexpected information security events was developed in the Visual Studio Code environment in the high-level Python programming language. Additional frameworks and the necessary libraries were used to extend the functionality of the application. Information about the company's incidents is stored in a database created for the service.

Result. The article describes the algorithm for developing the software service and provides examples of its screen forms. The service produces a range of analytics: a general and a detailed analysis of incidents by type, method of detection, time spent on resolving the incident, level of criticality, status, speed of response, and the consequences caused.

Conclusion. Testing of the software service demonstrated effective detection of new attacks and prompt protection of the enterprise's information systems and automated equipment. Incident analysis is aimed at identifying problem areas in the work of information security services; eliminating them allows unwanted events to be detected faster and minimizes the recurrence of incidents and their consequences.
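The analytics the abstract lists (incident counts by type, detection method, criticality and status, time to resolution, and consequences) can be computed from a small incident table. The following Python example is added here to illustrate that idea; it is not the authors' service, and its schema, column names and the five incident records are constructed for the demonstration. It keeps the incidents in an in-memory SQLite database so that it runs offline.

```python
"""Incident analytics over a small incident database (added example, not the paper's code)."""
import sqlite3
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample incidents (not data from the paper). Timestamps are ISO 8601.
# Columns: id, type, detection_method, criticality, status, detected_at, resolved_at, consequences
SAMPLE_INCIDENTS: List[Tuple[int, str, str, str, str, str, Optional[str], Optional[str]]] = [
    (1, "phishing", "user_report", "medium", "closed",
     "2024-03-01T08:00:00", "2024-03-01T10:00:00", "none"),
    (2, "malware", "antivirus", "high", "closed",
     "2024-03-02T09:30:00", "2024-03-02T15:30:00", "workstation reimaged"),
    (3, "unauthorized_access", "siem", "high", "open",
     "2024-03-03T22:00:00", None, None),
    (4, "phishing", "mail_gateway", "low", "closed",
     "2024-03-04T11:00:00", "2024-03-04T11:30:00", "none"),
    (5, "dos", "monitoring", "critical", "closed",
     "2024-03-05T02:00:00", "2024-03-05T06:00:00", "plant network outage"),
]

# Hypothetical schema; the paper does not publish its database layout.
SCHEMA = """
CREATE TABLE incidents (
    id               INTEGER PRIMARY KEY,
    type             TEXT NOT NULL,
    detection_method TEXT NOT NULL,
    criticality      TEXT NOT NULL,
    status           TEXT NOT NULL,
    detected_at      TEXT NOT NULL,
    resolved_at      TEXT,
    consequences     TEXT
);
"""

# Only these columns may be used for grouping; the name is interpolated into SQL,
# so it is checked against a fixed allow-list rather than trusted from the caller.
GROUPABLE_COLUMNS = {"type", "detection_method", "criticality", "status"}


def build_db(rows=SAMPLE_INCIDENTS) -> sqlite3.Connection:
    """Create the in-memory incident store and load the sample records."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO incidents VALUES (?, ?, ?, ?, ?, ?, ?, ?)", rows)
    conn.commit()
    return conn


def count_by(conn: sqlite3.Connection, column: str) -> Dict[str, int]:
    """General analysis: number of incidents per value of one categorical column."""
    if column not in GROUPABLE_COLUMNS:
        raise ValueError(f"unsupported grouping column: {column!r}")
    rows = conn.execute(
        f"SELECT {column}, COUNT(*) FROM incidents GROUP BY {column}"
    ).fetchall()
    return dict(rows)


def mean_resolution_hours(conn: sqlite3.Connection) -> Dict[str, float]:
    """Speed of response: mean hours from detection to resolution per criticality level.
    Open incidents (no resolved_at) are excluded rather than counted as zero."""
    rows = conn.execute(
        "SELECT criticality, detected_at, resolved_at FROM incidents "
        "WHERE resolved_at IS NOT NULL"
    ).fetchall()
    hours_by_level: Dict[str, List[float]] = {}
    for level, detected, resolved in rows:
        delta = datetime.fromisoformat(resolved) - datetime.fromisoformat(detected)
        hours_by_level.setdefault(level, []).append(delta.total_seconds() / 3600)
    return {level: round(sum(h) / len(h), 2) for level, h in hours_by_level.items()}


def open_high_priority(conn: sqlite3.Connection) -> List[int]:
    """Incidents still open at high or critical criticality: the ones needing attention first."""
    rows = conn.execute(
        "SELECT id FROM incidents WHERE status = 'open' "
        "AND criticality IN ('high', 'critical') ORDER BY id"
    ).fetchall()
    return [r[0] for r in rows]


def consequence_rate(conn: sqlite3.Connection) -> float:
    """Share of closed incidents that caused a recorded consequence other than 'none'."""
    total, with_consequences = conn.execute(
        "SELECT COUNT(*), "
        "SUM(CASE WHEN consequences IS NOT NULL AND consequences <> 'none' THEN 1 ELSE 0 END) "
        "FROM incidents WHERE status = 'closed'"
    ).fetchone()
    return round(with_consequences / total, 2) if total else 0.0


if __name__ == "__main__":
    db = build_db()
    print("by type:", count_by(db, "type"))
    print("by detection method:", count_by(db, "detection_method"))
    print("mean resolution hours by criticality:", mean_resolution_hours(db))
    print("open high-priority incidents:", open_high_priority(db))
    print("consequence rate among closed incidents:", consequence_rate(db))
```

The grouping column is checked against a fixed allow-list before it is interpolated into the query, so the reporting layer cannot be turned into an injection point even if the column name later comes from a web form; every other value goes through bound parameters. Open incidents are kept out of the resolution-time average deliberately, since treating a missing resolution timestamp as zero would understate the response time exactly for the incidents that matter most.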

About the Authors

O. Yu. Basharina
Ural State University of Economics
Russian Federation

Olga Yu. Basharina, Dr. Sci. (Eng.), Assoc. Prof.

62 8 Marta St., Yekaterinburg 620144



E. V. Butsenko
Ural State University of Economics
Russian Federation

Elena V. Butsenko, Dr. Sci. (Econ.), Assoc. Prof.

62 8 Marta St., Yekaterinburg 620144



A. S. Eremeev
Ural State University of Economics
Russian Federation

Artem S. Eremeev, Student

62 8 Marta St., Yekaterinburg 620144





For citations:

Basharina O.Yu., Butsenko E.V., Eremeev A.S. Information security incident management and analysis service. Herald of Dagestan State Technical University. Technical Sciences. 2025;52(2):74-80. (In Russ.) https://doi.org/10.21822/2073-6185-2025-52-2-74-80



This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 2073-6185 (Print)
ISSN 2542-095X (Online)