On Automation and Orchestration of an Initial Computer Security Incident Response by Introducing Centralized Incident Tracking System
Abstract
A critical computer security incident may cause great damage to an organization, for example through a confidential data breach or a malware pandemic. To avoid or mitigate such damage, a quick and accurate response to a computer security incident is becoming more important. To achieve this speed and accuracy, this paper presents the Incident Tracking System (ITS), which orchestrates several information systems and automates the initial incident response. The ITS automatically locates and isolates a suspicious host and sends a mail notification to the person in charge of handling the incident. The ITS can also identify or suggest the user of the suspicious host from network authentication logs or other service logs.

This is a preprint of an article intended for publication in the Journal of Information Processing (JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.27 (2019) (online), DOI http://dx.doi.org/10.2197/ipsjjip.27.564
Journal
- 情報処理学会論文誌 (IPSJ Journal) 60 (9), 2019-09-15
Details
- CRID: 1050282813457325440
- NII Article ID: 170000180444
- NII Bibliographic ID: AN00116647
- ISSN: 18827764
- Web Site: http://id.nii.ac.jp/1001/00199484/
- Text language code: en
- Material type: journal article
- Data source type: IRDB, CiNii Articles