Assessment of the Level of Trust in the Information Security Incident Management Process
https://doi.org/10.55648/1998-6920-2024-18-2-88-102
Abstract
The existing methods for assessing the level of trust in the information security incident management process, and in the processes of information security event monitoring systems, are extremely limited. These methods rely on expert assessment and are periodic in nature, with a long time interval between assessments. The purpose of this study is to develop a methodology for assessing the level of trust in the information security incident management process that is suitable for automated assessment with minimal expert participation. As a result of the work, a methodology has been developed for assessing the level of trust in the information security incident management process, which includes a list of trust criteria and metrics for their assessment. The methodology is based on the SOMM methodology and GOST ISO/IEC 27035. The developed methodology rests on a three-stage assessment of trust indicators: assessment of trust metrics, assessment of trust criteria, and assessment of the level of trust in the information security incident management process.
About the Authors
A. V. Ivanov
Novosibirsk State Technical University (NSTU)
Russian Federation
Andrey V. Ivanov, PhD in Technology, Head of the Department of Information Security, Associate Professor
630073, Novosibirsk, Karl Marx Ave. 20
I. A. Ognev
Novosibirsk State Technical University (NSTU)
Russian Federation
Igor A. Ognev, Assistant of the Department of Information Security
630073, Novosibirsk, Karl Marx Ave. 20
I. V. Nikroshkin
Novosibirsk State Technical University (NSTU)
Russian Federation
Ivan V. Nikroshkin, Assistant of the Department of Information Security
630073, Novosibirsk, Karl Marx Ave. 20
M. A. Kiselev
Novosibirsk State Technical University (NSTU)
Russian Federation
Maksim A. Kiselev, Laboratory Assistant of the Department of Information Security
630073, Novosibirsk, Karl Marx Ave. 20
For citations:
Ivanov A.V., Ognev I.A., Nikroshkin I.V., Kiselev M.A. Assessment of the Level of Trust in the Information Security Incident Management Process. The Herald of the Siberian State University of Telecommunications and Information Science. 2024;18(2):88-102. (In Russ.) https://doi.org/10.55648/1998-6920-2024-18-2-88-102