The logic of incident detection is not communicated


Post by rakhirhif8963 »

"Fire" and forget. Funding for situation centers often ends with implementation, and the provision of resources for day-to-day operations turns out to be insufficient.

The logic of incident detection is not communicated to the duty shift. Insufficient communication between monitoring operators and analysts leads to the fact that the created content (rules, reports, dashboards) is not used or is used ineffectively.

Insufficient flexibility. Attack technologies used by intruders are constantly being improved, which places high demands on the technical capabilities of the monitoring system, the complexity of modification and maintenance of correlation logic, while simultaneously ensuring established procedures and SLA.

It is difficult to define criticality. The costs of ensuring security and investigating incidents never allow for 100% coverage. A successful SOC must have clear parameters for defining incident criticality and use a risk-based approach.

Failure to use best practices. Industry and informal communities allow for the exchange of relevant information on countering attackers. Situation centers that do not use these opportunities are less effective.

Security Tales: Spy Cigarettes
Vladimir Bezmaly | 22.06.2017
- Mr. Commissioner! We urgently need to somehow download the file from Don Vittorio's computer. But the problem is that it is impossible to do this from the outside, and we do not have physical access to the laptop.

- Call the department of intellectual crimes. But first, get as much information as possible about Don Vittorio. You may be asked some very strange questions.

Three days have passed.

- Johann, this is the police calling you. We have a request for your help.

- Good afternoon, Mr. Commissioner. What happened?

- We need to download a file from Don Vittorio's laptop. But he doesn't let anyone but his son access it, and it can't be done from the Internet. Can you help?

- Of course. And what do you know about his son?

- A young man. A regular at trendy parties. Doesn't indulge in drugs. Smokes only electronic cigarettes. Frequently visits the bar "Full Moon".

- Mr. Commissioner, do you have your own skilled pickpocket?