Automation of the process of responding to information security incidents of the organization

Abstract

The article discusses the process of automating the response to information security incidents of the organization. The main stages of automation planning, key points and a sequence of actions for developing a correct response scenario for a certain type of incident are recommended. As an example, the process of building a scenario for responding to a "phishing" incident in accordance with the set of information security solutions defined for the example, which may be available in the organization, is given. The corresponding steps of the response scenario are described in text, plan, and graphic format. A graphic example of the implementation of the developed plan in the SOAR class system is given.