The analysis of criteria for granting a mandate to an information security incident localization

Abstract

Kuznetsov A.V.

Incoming article date: 13.01.2025

The number of information security incidents and the amount of damage they cause are increasing every year, so information security incident response remains highly relevant. The primary response action is localization of the information security incident. The purpose of this study is to reduce the time that information security incident response teams take to localize detected incidents. This is achieved by issuing a mandate for information security incident localization, which orchestration tools and/or artificial intelligence systems use in an automated mode. Analysis and synthesis of publicly available materials were applied as research methods. The article presents the results of analyzing and evaluating the applicability of different criteria for granting a mandate to localize an information security incident during incident response. A mandate is granted to orchestration tools and/or artificial intelligence systems to perform localization of an information security incident in automatic mode, i.e., without the involvement of the information security incident response team. In evaluating the applicability of the various criteria for granting a mandate, unlike in known approaches, the study assessed how difficult it is for the information security incident response team alone to determine values for the criteria in question. Criteria and their values are defined which, unlike the known ones, highlight the area in which information security incidents can be localized in automatic mode.

Keywords: response team, response area, response, automatic localization, orchestration, artificial intelligence