UET.SIR: An e-Government Information Security Incident Management Support Solution
DOI: https://doi.org/10.54654/isj.v1i16.267
Keywords: information security incident, information security incident evidence, information security incident handling
Abstract
Abstract— This paper presents the results of research on building a solution to support information security incident handling in organizations. The proposed solution comprises both a procedure for information security incident handling and the UET.SIR system that supports it. The procedure is built on a combination of national and international standards, customized to suit e-government practice. The UET.SIR system includes a dedicated USB device for collecting digital evidence of information security incidents and central software with evidence analysis functions to detect the cause of an incident and support its handling. Test results of the UET.SIR system at the Ministry of Natural Resources and Environment have initially demonstrated its practical applicability and its support for information security incident handling.
License
Proposed Policy for Journals That Offer Open Access
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
Proposed Policy for Journals That Offer Delayed Open Access
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication, with the work [SPECIFY PERIOD OF TIME] after publication simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).