2026-04-14T08:34:35Z
https://ipsj.ixsq.nii.ac.jp/oai
oai:ipsj.ixsq.nii.ac.jp:00192261
2025-01-20T00:13:40Z
6164:6165:6462:9599
On Automation and Orchestration of an Initial Computer Security Incident Response Using Centralized Incident Tracking System
On Automation and Orchestration of an Initial Computer Security Incident Response Using Centralized Incident Tracking System
大森, 幹之
東野, 正幸
川戸, 聡也
宮田, 直輝
高橋, 健一
川村, 尚生
Motoyuki, Ohmori
Masayuki, Higashino
Toshiya, Kawato
Naoki, Miyata
Kenichi, Takahashi
Takao, Kawamura
Computer Security Incident Response,Network Operation,CSIRT,automation and orchestration
A critical computer security incident may cause great damage on an organization such as confidential data breach or malware pandemic.In order to avoid or mitigate such damage, a quick and accurate response against a computer security incident has been then getting more important.In order to realize these quickness and accuracy, this paper presents the Incident Tracking System (ITS) that orchestrates several information systems and automate an initial incident response.The ITS automatically locates and isolates a suspicious host, and sends a mail notification to a person in charge of handling an incident.The ITS can also identify or suggest a user of the suspicious host by network or other service authentication logs.
A critical computer security incident may cause great damage on an organization such as confidential data breach or malware pandemic.In order to avoid or mitigate such damage, a quick and accurate response against a computer security incident has been then getting more important.In order to realize these quickness and accuracy, this paper presents the Incident Tracking System (ITS) that orchestrates several information systems and automate an initial incident response.The ITS automatically locates and isolates a suspicious host, and sends a mail notification to a person in charge of handling an incident.The ITS can also identify or suggest a user of the suspicious host by network or other service authentication logs.
conference paper
情報処理学会
application/pdf
コンピュータセキュリティシンポジウム2018論文集
2
2018
1178
1185
https://ipsj.ixsq.nii.ac.jp/record/192261/files/IPSJCSS2018166.pdf
eng
ISSN 1882-0840