DocumentCode
1626764
Title
A comprehensive semi-automated incident handling workflow
Author
Hashemi, Seyyed Hadi ; Babaeizadeh, M. ; Nowruzi, M. ; Jazi, Hossein Hadian ; Shahmoradi, M. ; Samani, E.B.B.
fYear
2012
Firstpage
1065
Lastpage
1070
Abstract
Dramatic growth of Information Technology in every organization has increased the number of computer security incidents in recent years. These incidents result in huge financial and reputational loss even in small companies. Naturally, demand for computer-related incident management has increased. Nowadays, Incident Handling is still a very complex and critical task which is mainly done by human expert teams. The cost of keeping such a team ready 24×7 is very high, especially in big organizations with large networks. Consequently, automated Incident Handling is greatly desired. However, this task involves many factors and is very human dependent, which makes it very challenging to automate. In this study, after a review of Incident Handling methods, a comprehensive workflow for semi-automated Incident Handling is proposed. This workflow is based on common principles in this area and combines automated processing units with expert teams in a way that minimizes human effort for Incident Handling.
Keywords
computer network security; expert systems; information technology; workflow management software; automated processing units; big organizations; comprehensive semiautomated incident handling workflow; computer security incidents; computer-related incident management; huge financial lost; human expert teams; information technology; reputational lost; small companies; Business continuity; Computer security; Grippers; Intrusion detection; Organizations; Standards organizations; Computer Security; Incident Handling; Incident Management; Semi-Automated Incident Handling;
fLanguage
English
Publisher
ieee
Conference_Titel
Telecommunications (IST), 2012 Sixth International Symposium on
Conference_Location
Tehran
Print_ISBN
978-1-4673-2072-6
Type
conf
DOI
10.1109/ISTEL.2012.6483144
Filename
6483144