IMPACT OF INCIDENT MANAGEMENT ON THE FUNCTIONING OF THE ORGANIZATION'S INFORMATION SECURITY MANAGEMENT SYSTEM

DOI: 10.31673/2412-4338.2025.014011

Abstract

The article discusses the development and implementation of an information security (IS) incident management process in accordance with the best practices of IS security policy. The most common IS incidents are identified. The main key processes of an information security management system (ISMS) are shown; they are included in the security policy documents and are performed at the organizational and technical levels in any organization. An important place in ensuring the organization's information security is given to the incident management processes, which creates the need to create, implement and improve an information security incident management system, one that must be included in the ISMS both organizationally and functionally. The incident management system should primarily perform the main task of organizing protection against new types of attacks (complex attacks, attacks distributed in time, and others). After support from management has been obtained, the key persons in the incident management process are identified and roles are distributed among the process participants. The research identified the problems associated with incident management. The possibilities of SIEM systems for managing processes related to IS incidents were analyzed. The main functions of SIEM systems are: data aggregation, correlation of events from different sources, event analysis and notification, monitoring of the behavior of different systems, compatibility with other security management systems, and storage of data on information security events. The proposed option of combining the elements of the SIEM system structure in the form of special modules will allow the use of automated traffic monitoring and analysis systems and thereby help to detect and respond to threats and incidents in real time.
Further research can be aimed at developing new methods for predicting incidents and implementing automated response systems based on artificial intelligence. Problems that may arise in an organization and affect the management of information security incidents are also considered. They include: lack of management support, inconsistency of the organizational structure with the goals of incident management, frequent change of members of the IS incident response team (ISRT), lack of a defined communication process, and the complexity of the information security incident management plan.
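The two SIEM functions the abstract names first, aggregation of events from different sources and their correlation, as an added illustration that is not code from the article: two constructed log sources (an SSH auth log and a VPN gateway log) are mapped onto one schema, and a sliding-window rule counts failed logins per source address and user across both sources, so that an attack distributed in time, which a narrow per-minute threshold misses, still produces an incident. The log lines, addresses, user names and thresholds are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample events from two sources (an SSH auth log and a VPN
# gateway log); illustrative lines, not data from any real system.
SSH_LOG = [
    "2025-04-07T08:01:10 sshd[121]: Failed password for admin from 203.0.113.7",
    "2025-04-07T09:15:42 sshd[140]: Failed password for admin from 203.0.113.7",
    "2025-04-07T10:40:03 sshd[162]: Failed password for admin from 203.0.113.7",
    "2025-04-07T10:41:30 sshd[163]: Accepted password for ops from 198.51.100.5",
]
VPN_LOG = [
    "2025-04-07T11:05:55 vpn: auth_fail user=admin src=203.0.113.7",
    "2025-04-07T11:59:12 vpn: auth_fail user=admin src=203.0.113.7",
]
SSH_RE = re.compile(r"^(\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)$")
VPN_RE = re.compile(r"^(\S+) vpn: auth_(fail|ok) user=(\S+) src=(\S+)$")

def normalize(ssh_lines, vpn_lines):
    """Aggregation: map both formats onto one schema (time, source, user, src_ip, ok)."""
    events = []
    for line in ssh_lines:
        if m := SSH_RE.match(line):
            events.append((datetime.fromisoformat(m[1]), "ssh", m[3], m[4], m[2] == "Accepted"))
    for line in vpn_lines:
        if m := VPN_RE.match(line):
            events.append((datetime.fromisoformat(m[1]), "vpn", m[3], m[4], m[2] == "ok"))
    return sorted(events)

def correlate(events, window_seconds, threshold):
    """Correlation: one incident per (src_ip, user) whose failures, counted across
    both sources, reach `threshold` inside any window of `window_seconds`."""
    failures = defaultdict(list)
    for ts, source, user, ip, ok in events:
        if not ok:
            failures[(ip, user)].append((ts, source))
    incidents = []
    for (ip, user), hits in failures.items():
        start = 0
        for end in range(len(hits)):
            while (hits[end][0] - hits[start][0]).total_seconds() > window_seconds:
                start += 1  # slide the window forward past stale failures
            if end - start + 1 >= threshold:
                incidents.append({"src_ip": ip, "user": user, "count": end - start + 1,
                                  "sources": sorted({s for _, s in hits[start:end + 1]})})
                break
    return incidents
```

With the sample data, a 60-second window and threshold of 3 returns no incident, while a 4-hour window and threshold of 5 returns one incident for 203.0.113.7/admin that spans both the ssh and vpn sources.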

Keywords: information security, information, protection, information system, SIEM, ISMS

Published

2025-04-07

Section

Articles