Incident Handling and Response Process in Security Operations
Agbede, Oluwabunmi Michael (2023)
The permanent address of this publication is
https://urn.fi/URN:NBN:fi:amk-202305098531
Abstract
In today's digital age, ensuring the security of an organization's information and assets is critical to its success. Information security incidents are becoming more diverse, damaging, and disruptive, leaving organizations with a massive task on their hands to ensure the confidentiality, integrity, and availability of their systems and of their proprietary and confidential data, a breach of which could be highly detrimental to the organization. Therefore, to protect the organization, it is crucial to have an effective security operations program which, in addition to protecting the organization against security threats, requires the development and implementation of a process that allows the organization to respond to security incidents quickly and effectively.
The objective of this Thesis is to develop a practical process for security incident handling and response that could help the case company detect, analyze, contain, eradicate, and recover from security incidents, minimizing their impact and preventing future incidents. It employs a constructive research approach to achieve this objective, using collaborative development to involve stakeholders across the organization. The data was gathered through literature review, observations, and group discussions with stakeholders from the case organization. The Thesis draws on existing standards and literature on information security incident management, such as NIST 800-61: Computer Security Incident Handling Guide, and ISO/IEC 27035: Information technology — Information security incident management series, to form the theoretical framework of the Thesis.
The security incident handling and response process which is the outcome of this Thesis fits the needs of the case company. The process was developed through a series of cycles of data collection, analysis, and evaluation, which allowed for the incorporation of feedback from stakeholders and the identification of areas that required improvement. This iterative approach ensured that the process was continually refined and improved so that it effectively meets the needs of the case company.
The process establishes guidelines for handling security incidents, including reporting, triaging and responding to incidents, the roles and responsibilities of stakeholders during incident response, communication and escalation procedures, and follow-up actions. The implementation of the process enables the case company to be sufficiently prepared to respond to security incidents, ensuring that its security operations program is relevant and effective in today's rapidly evolving threat landscape.