
Advanced IBM Qradar Incident Forensics enterprise information system cyber incident investigation technology
Author(s) -
I. S. Ishmetov,
O. I. Gulyaeva,
K. O. Nechipurenko
Publication year - 2021
Publication title -
sučasnij zahist ìnformacìï (Modern Information Protection)
Language(s) - English
Resource type - Journals
ISSN - 2409-7292
DOI - 10.31673/2409-7292.2021.031723
Subject(s) - ibm , computer security , incident management , computer forensics , computer science , information system , network forensics , information technology , incident response , information security , business , engineering , digital forensics , operating system , materials science , electrical engineering , nanotechnology
The paper analyzes the cybersecurity problem of the corporate information system and identifies the place, purpose and objectives of cyber incident investigation within it. Existing technologies for investigating cyber incidents in a corporate information system are analyzed. Methods and means of investigating such incidents on the basis of the IBM QRadar Incident Forensics solution are studied, and the purpose, main functions and composition of the IBM QRadar Incident Forensics complex are determined. Based on this research, a variant of the technology for investigating cyber incidents in the corporate information system is developed, together with recommendations for applying it in the enterprise. The technology for integrating IBM QRadar SIEM with IBM QRadar Incident Forensics is studied; applying it increases the efficiency of the specialists of the Center for Cyber Security Management of the corporate information system.