
Russian Technological Journal


Modeling incident management processes in information security at an enterprise

https://doi.org/10.32362/2500-316X-2024-12-6-39-47

EDN: IYBIZH

Abstract

Objectives. The primary aim of the study is to develop a model for managing information security incidents within an enterprise that minimizes damage and costs associated with incident resolution under limited resources and time constraints.

Methods. The paper analyzes existing approaches to managing information security incidents, including mathematical and simulation models, stochastic differential equations, Markov chains, and other methods. The study is based on a systems approach, incorporating analysis of incident parameters, actions for their resolution, response times, damages due to incident occurrence, and the probability of incident elimination. To validate the developed model, synthetic data reflecting various types of incidents and possible actions were used.

Results. The proposed model optimizes incident management by minimizing damage and costs. It considers parameters such as incident criticality, available resources, response time, and the likelihood of successful incident resolution. Testing of the model on synthetic data showed that the proposed approach significantly improves the selection of optimal actions for responding to incidents in situations constrained by budget and time limitations, thereby enhancing the overall effectiveness of incident management.

Conclusions. Implementing the proposed model in enterprises will improve the overall level of information security, enhance incident response efficiency, and strengthen information protection processes. This will ensure the minimization of risks associated with data leaks and other incidents, thus helping enterprises to make informed and timely decisions under conditions of limited resources and time.

About the Authors

E. S. Mityakov
MIREA – Russian Technological University
Russian Federation

Evgeny S. Mityakov, Dr. Sci. (Econ.), Professor, Acting Head of the «Subject-Oriented Information Systems» Department, Institute of Cybersecurity and Digital Technologies

78, Vernadskogo pr., Moscow, 119454

Scopus Author ID 55960540500



E. A. Maksimova
MIREA – Russian Technological University
Russian Federation

Elena A. Maksimova, Dr. Sci. (Eng.), Associate Professor, Head of the «Intelligent Information Security Systems» Department, Institute of Cybersecurity and Digital Technologies

78, Vernadskogo pr., Moscow, 119454

Scopus Author ID 57219701980



S. V. Artemova
MIREA – Russian Technological University
Russian Federation

Svetlana V. Artemova, Dr. Sci. (Eng.), Associate Professor, Head of the «Information Protection» Department, Institute of Cybersecurity and Digital Technologies

78, Vernadskogo pr., Moscow, 119454

Scopus Author ID 6508256085



A. A. Bakaev
MIREA – Russian Technological University
Russian Federation

Anatoly A. Bakaev, Dr. Sci. (Hist.), Cand. Sci. (Juri.), Associate Professor, Director of the Institute of Cybersecurity and Digital Technologies

78, Vernadskogo pr., Moscow, 119454

Scopus Author ID 57297341000



Zh. G. Vegera
MIREA – Russian Technological University
Russian Federation

Zhanna G. Vegera, Cand. Sci. (Phys.-Math.), Associate Professor, Head of the Department of Higher Mathematics, Institute of Cybersecurity and Digital Technologies

78, Vernadskogo pr., Moscow, 119454

Scopus Author ID 57212931836





  • A model for managing information security incidents within an enterprise is proposed; it optimizes incident management by minimizing damage and costs.
  • The model considers incident criticality, available resources, response time, and the likelihood of successful incident resolution.
  • Testing of the model on synthetic data showed that the proposed approach significantly improves the selection of optimal actions for responding to incidents in situations constrained by budget and time limitations, thereby enhancing the overall effectiveness of incident management.


For citations:


Mityakov E.S., Maksimova E.A., Artemova S.V., Bakaev A.A., Vegera Zh.G. Modeling incident management processes in information security at an enterprise. Russian Technological Journal. 2024;12(6):39-47. https://doi.org/10.32362/2500-316X-2024-12-6-39-47. EDN: IYBIZH



This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 2782-3210 (Print)
ISSN 2500-316X (Online)