Romanian Journal of Information Technology and Automatic Control
Art. 03 – Vol. 26 – No. 4 – 2016
Mihnea Horia Vrejoiu
mihnea@dossv1.ici.ro
Ştefan Alexandru Preda
stefanalex@ici.ro
Mădălina Cornelia Zamfir
madalina@ici.ro
Vladimir Florian
vladimir@ici.ro
National Institute for Research & Development in Informatics, ICI Bucharest
Abstract: The problematics of informatics attacks, fraudulent network intrusion, system compromise, blocking of services, or data breach/theft, is of great actuality in the current context of expansion of the large scale informatization, both at the state institutions level and at the private entities of various dimensions level. Their negative effects, and also the high costs generated directly or indirectly, and those for the remedy of the damages produced, led to the necessity of developing and implementing specific methods and procedures for an efficient and quick response to such computer security incidents. This paper briefly presents the results and conclusions of a survey performed in 2014 by the SANSTM Institute, which provides an overview of the worldwide situation in the incident response (IR), and some future directions in this field.
Keywords: incident response (IR), IR team, DDoS attack, malware, unauthorized access, data breach/theft, security information and event management (SIEM).