Criteria and indicators for assessing the quality of the investigation of an information security incident as part of a targeted cyberattack

Criteria and indicators for assessing the quality of the investigation of an information security incident as part of a targeted cyberattack

Objectives. The currently increasing number of targeted cyberattacks raises the importance of investigating information security incidents. Depending on the available means of protection, computer forensic experts use software and hardware tools for analyzing digital artifacts of various operating s...

Full description

Saved in:
Bibliographic Details
Main Authors: S. I. Smirnov, M. A. Eremeev, Sh. G. Magomedov, D. A. Izergin
Format: Article
Language:Russian
Published: MIREA - Russian Technological University 2024-05-01
Series:Российский технологический журнал
Subjects:
information security incident
targeted cyberattack
cyber incident investigation
mitre att&ck matrix
digital artifact
information security threat assessment
targeted process
quality assessment criteria and indicators
Online Access:https://www.rtj-mirea.ru/jour/article/view/916
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Objectives. The currently increasing number of targeted cyberattacks raises the importance of investigating information security incidents. Depending on the available means of protection, computer forensic experts use software and hardware tools for analyzing digital artifacts of various operating systems and network traffic to create an event chronology (timeline) of the incident. However, to date, there is no formal approach for assessing the effectiveness of expert activities when investigating an information security incident within the framework of a targeted cyberattack. The present study aims to develop partial indicators of promptness, effectiveness, and resource intensity as part of the suitability criterion for investigating an information security incident.Methods. Methods informed by purposeful process efficiency and set theory are used along with expert evaluation approaches.Results. An analysis of works in the field of investigation of computer incidents is presented. The terminology and main guiding documents on specifics of conducting information security incident investigations are described along with examples of digital artifacts defined in the form of classification. The expediency of forming criteria and indicators for assessing the quality of an information security incident investigation is substantiated. The suitability criterion and subsequent indicators for assessing the quality of the investigation are selected: the effectiveness (completeness) indicator for detecting digital artifacts by a computer criminologist is based on the conducted activities, resource intensity indicator, and promptness indicator for investigating an information security incident.Conclusions. The obtained results can be used not only by heads of departments but also by rank-and-file information security professionals for objective analysis of the available software and human resources, the time spent on these activities, and the identified digital artifacts as part of a cyber incident investigation.
ISSN:2782-3210
2500-316X

Similar Items