Art. 03 – Vol. 26 – No. 4 – 2016
Mihnea Horia Vrejoiu
Ştefan Alexandru Preda
Mădălina Cornelia Zamfir
National Institute for Research & Development in Informatics, ICI Bucharest
Abstract: Computer attacks, fraudulent network intrusion, system compromise, blocking of services, and data breach/theft are highly topical issues in the current context of expanding large-scale computerization, both in state institutions and in private entities of various sizes. Their negative effects, together with the high costs they generate directly or indirectly and the costs of remedying the damage produced, have made it necessary to develop and implement specific methods and procedures for an efficient and quick response to such computer security incidents. This paper briefly presents the results and conclusions of a survey performed in 2014 by the SANS™ Institute, which provides an overview of the worldwide situation in incident response (IR), and some future directions in this field.
Keywords: incident response (IR), IR team, DDoS attack, malware, unauthorized access, data breach/theft, security information and event management (SIEM).