Title :
A comprehensive semi-automated incident handling workflow
Author :
Hashemi, Seyyed Hadi ; Babaeizadeh, M. ; Nowruzi, M. ; Jazi, Hossein Hadian ; Shahmoradi, M. ; Samani, E.B.B.
Abstract :
The dramatic growth of Information Technology in every organization has increased the number of computer security incidents in recent years. These incidents result in huge financial and reputational loss even in small companies. Naturally, demand for computer-related incident management has increased. Nowadays, Incident Handling is still a very complex and critical task which is mainly done by human expert teams. The cost of keeping such a team ready 24×7 is very high, especially in big organizations with large networks. Consequently, automated Incident Handling is greatly desired. However, this task contains many factors and is very human dependent, which makes it very challenging to automate. In this study, after a review of Incident Handling methods, a comprehensive workflow for semi-automated Incident Handling has been proposed. This workflow has been suggested based on common principles in this concept and gathers automated processing units with expert teams in a way which minimizes human effort for Incident Handling.
Keywords :
computer network security; expert systems; information technology; workflow management software; automated processing units; big organizations; comprehensive semiautomated incident handling workflow; computer security incidents; computer-related incident management; huge financial lost; human expert teams; information technology; reputational lost; small companies; Business continuity; Computer security; Grippers; Intrusion detection; Organizations; Standards organizations; Computer Security; Incident Handling; Incident Management; Semi-Automated Incident Handling;
Conference_Title :
Telecommunications (IST), 2012 Sixth International Symposium on
Conference_Location :
Tehran
Print_ISBN :
978-1-4673-2072-6
DOI :
10.1109/ISTEL.2012.6483144