INVESTIGATION OF INFORMATION SECURITY INCIDENTS RESPONSE PLATFORMS
Keywords:
information security, response automation system, information security incidents, information security event
Abstract
Incident management platforms help security administrators quickly identify and investigate incidents, manage their work until the point of closure, and automate incident response tasks to ensure faster resolution of identified incidents.
Incident management is a complex technology that requires skilled IT engineers and analysts to manage and support. When implementing a system, you need to understand that it is not a universal remedy for eliminating all attacks and incidents related to information security.