Research field: Analysis
Conference: 2024 International Russian Smart Industry Conference (SmartIndustryCon)
The text discusses the challenges and solutions related to dynamic control objects in the task of information security monitoring. New approaches for data collection and analysis, as well as the development of methods for creating dynamic incident response scenarios (playbooks), are highlighted. The focus is on resolving these challenges through the creation of applicable algorithms, models, methods, and security management approaches, including at the level of organizational processes, data handling, and formation of the organization's information security architecture. The work examines the problem of validating dynamic incident response scenarios in information security. Since it is impractical to allocate separate time for validation when forming a dynamic scenario, this issue is addressed through the selection of quality metrics applicable to the task. A set of quality metrics for a dynamic playbook is proposed, considering their use in the continuous detection and response cycle to information security incidents. An experiment confirming the applicability of these metrics in practice is conducted. The results can be used for simulation models, forming test scenarios for incident response, and improving existing static scenarios. Furthermore, the results can be integrated into orchestration tools for information protection systems, enhancing the effectiveness of information security incident response.
| Publication year | 2024 |
|---|---|
| Citations | 107 |
| Country of publication | Russia, Andorra |
| Site | IEEE |