A support and decision-making process for security incident handling (original title: Um processo de suporte e tomada de decisão no tratamento de incidentes de segurança)
Year of defense: | 2020 |
---|---|
Lead author: | |
Advisor: | |
Defense committee: | |
Document type: | Dissertation |
Access type: | Open access |
Language: | por |
Defending institution: | Universidade Federal de Santa Maria Brasil Ciência da Computação UFSM Programa de Pós-Graduação em Ciência da Computação Centro de Tecnologia |
Graduate program: | Not provided by the institution |
Department: | Not provided by the institution |
Country: | Not provided by the institution |
Keywords in Portuguese: | |
Access link: | http://repositorio.ufsm.br/handle/1/22451 |
Abstract: | Many organizations maintain an incident response team to mitigate the damage caused by incidents and immediately restore digital services. However, few of them learn from past experiences in a systematic way that allows them not only to respond to security incidents in the organization, but to manage this knowledge. In addition, there is a shortage of experienced security professionals. In this sense, the case-based reasoning technique has been applied in the recovery of incident handling plans. This paper revisits this approach and proposes a process with improvements for its better efficiency: a new way to categorize incidents based on international categories and the IODEF and STIX standards, which contributes to the mapping of incidents to incident handling tools; and the use of more than one similarity function to increase the accuracy of case recovery, enhancing the reuse of past experiences in resolving new security incidents. A tool prototype that includes the improvements was developed. The experiments demonstrated high levels of precision in the reuse of cases, increasing the quality in the handling of incidents, as well as demonstrating the capacity for systematic knowledge management. |