THE CONCEPT OF INFORMATION SECURITY MANAGEMENT BASED ON A CYCLE OF INFORMATION SECURITY INCIDENTS CONTINUOUS DETECTION AND RESPONSE

Authors

  • A.A. Oleynikova, Intellectual Security LLC
  • V.V. Zolotarev, Siberian State University of Science and Technology

Keywords:

Information security management, process approach, security management algorithm, data-based management, continuous detection and response

Abstract

For dynamically changing management objects, new tasks arise within the problem of information
security management, such as changing the approaches to data collection and analysis and developing
dynamic scenarios for responding to information security threats. They should be solved by creating
algorithms, models, methods and approaches to security management that fit this problem, including
at the level of process organization, data handling and the formation of the organization's
information security architecture. In addition, developing continuous detection and response tools
requires new ways of integrating these algorithms into the structure of the managed object. At the
same time, building response systems on the new concept also means adapting their security management
algorithms to special cases, such as decentralized management, stability testing, cloud security
services and others, each of which requires separate research. Incident response must also account
for the continuously changing threat landscape and the reconfiguration of the organization's
infrastructure. The main provisions of the new concept presented in the article were also influenced
by the concept of object-oriented programming. This work describes a management concept based on
a continuous detection and response cycle, presents some of the algorithms and processes that
distinguish its implementation, and gives examples of their implementation. The practical examples
given in the article concern issues such as the formation of the incident neighborhood and allow
the context of information security management to be formed. An approach to the automation of
information security management processes is also shown. The results can be used both in simulation
models and as a set of information security management processes in practical tasks. They can also
be integrated into orchestration tools for information security systems, which increases the
effectiveness of responding to information security incidents.
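The abstract speaks of a continuous detection and response cycle in which each incident is placed in an "incident neighborhood" that supplies the management context. The following is an added illustration written for this page; it is not the authors' code and does not reproduce their definition of the neighborhood. It assumes, for the sake of the example, that two incidents are neighbors when they share at least one entity (host, account, address) within a time window, that incidents are objects carrying their own state (the object-oriented influence the abstract mentions), and that the response is chosen from the summed severity of an incident and its neighbors. The detection rules, the thresholds and the sample events are all constructed.

```python
"""Illustrative continuous detection-and-response cycle with incident
neighborhoods. Added example for this page, not the article's own code; the
neighborhood rule, severities, thresholds and sample events are assumptions."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Callable, Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Event:
    ts: datetime
    kind: str
    entities: frozenset  # hosts, accounts and addresses touched by the event


@dataclass
class Incident:
    id: int
    ts: datetime
    kind: str
    entities: frozenset
    severity: int
    neighbours: Set[int] = field(default_factory=set)  # ids of related incidents


# Detection rules (constructed): event kind -> (predicate, base severity)
RULES: Dict[str, Tuple[Callable[[Event], bool], int]] = {
    "auth_fail": (lambda e: True, 1),
    "new_admin": (lambda e: True, 2),
    "outbound_conn": (lambda e: "external" in e.entities, 2),
}


def detect(event: Event, next_id: int) -> Optional[Incident]:
    """Turn an event into an incident if a rule matches, else None."""
    rule = RULES.get(event.kind)
    if rule is None or not rule[0](event):
        return None
    return Incident(next_id, event.ts, event.kind, event.entities, rule[1])


def neighbourhood(inc: Incident, known: List[Incident], window: timedelta) -> Set[int]:
    """Assumed rule: incidents sharing an entity with `inc` inside the window."""
    return {
        k.id for k in known
        if k.id != inc.id
        and k.entities & inc.entities
        and abs(k.ts - inc.ts) <= window
    }


def respond(inc: Incident, known: Dict[int, Incident]) -> str:
    """Choose a response from the incident plus its neighborhood (its context)."""
    context_severity = inc.severity + sum(known[n].severity for n in inc.neighbours)
    if context_severity >= 5:
        return "isolate"
    if inc.neighbours:
        return "escalate"
    return "ticket"


def run_cycle(events: List[Event], window: timedelta = timedelta(minutes=30)) -> List[Tuple[Incident, str]]:
    """One pass of the cycle: detect, build context, respond, update state."""
    known: Dict[int, Incident] = {}
    actions: List[Tuple[Incident, str]] = []
    for event in sorted(events, key=lambda e: e.ts):
        inc = detect(event, len(known) + 1)
        if inc is None:
            continue
        inc.neighbours = neighbourhood(inc, list(known.values()), window)
        for n in inc.neighbours:  # the relation is symmetric, so earlier incidents learn of this one
            known[n].neighbours.add(inc.id)
        known[inc.id] = inc
        actions.append((inc, respond(inc, known)))
    return actions


# Constructed sample stream: a short chain on host1, then an unrelated failure.
T0 = datetime(2023, 12, 11, 9, 0, 0)
SAMPLE_EVENTS = [
    Event(T0, "auth_fail", frozenset({"host1", "alice"})),
    Event(T0 + timedelta(minutes=5), "new_admin", frozenset({"host1", "alice"})),
    Event(T0 + timedelta(minutes=7), "heartbeat", frozenset({"host1"})),  # no rule
    Event(T0 + timedelta(minutes=10), "outbound_conn", frozenset({"host1", "external"})),
    Event(T0 + timedelta(hours=1), "auth_fail", frozenset({"host9", "bob"})),
]

if __name__ == "__main__":
    for inc, action in run_cycle(SAMPLE_EVENTS):
        print(f"#{inc.id} {inc.kind:14} neighbours={sorted(inc.neighbours)} -> {action}")
```

Run stand-alone, the chain on host1 escalates step by step: the first failure only opens a ticket, the new admin account is escalated because it shares host and account with that failure, and the outbound connection is isolated because its context now includes both earlier incidents; the later failure on host9 shares nothing and opens a ticket of its own.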

Published

2023-12-11

Section

SECTION I. INFORMATION PROCESSING ALGORITHMS