Log Management & Incident Handling

A large percentage of data breaches occur because many organizations fail to monitor the (internal or external) activities of their networks properly and comprehensively.
Network activity monitoring should be applied by all organizations, regardless of their size.
Precautionary measures are necessary to ensure the availability, integrity and confidentiality of the transferred information. One such basic measure is the monitoring of transferred data and its recording (in log files) for further review by application software known as Log Management Applications. Such a software system can be used to detect anomalies in a network, data breach attempts and cybersecurity attacks, known as security incidents.
Accordingly, application software should be used to manage an organization's security incidents, using the logs as its main source of information. Such a system should be able to differentiate all these events (so that they are treated differently) into the following two categories:
• Security events and
• Security incidents
A security event is an (intentional or unintentional) action that did not end up in a security breach (for example, a series of failed login attempts to an application). A security incident is an event that results in a breach of security, i.e. the violation of the availability and/or integrity and/or confidentiality of critical data or of the information systems that host them.

The life cycle of a security event is often described in the following distinct steps:

1. Detection
Automatic detection of a security event through software (e.g. through a SIEM (Security Information and Event Management), an IPS (Intrusion Prevention System) or an IDS (Intrusion Detection System)), or detection by an end user.
2. Registration
The event is inserted into the system, either automatically from a log file or manually by the user.
3. Categorization
It is determined whether we have a security event or a security incident. This step, as well as the following steps, is usually performed by qualified personnel (e.g. an IT Security Engineer, persons with an IT technical background, a Security Officer, etc.).
4. Prioritization
Prioritize the event. Special consideration must be given in this step to whether notification of the authorities is required (e.g. prosecuting authorities, personal data protection authorities).
5. Processing
In this step the appropriate actions are taken in order to resolve the incident. This step can involve persons from more than one technical department (e.g. IT, Development) or from other departments, such as Legal, the DPO (Data Protection Officer), etc., depending on the nature and type of the incident.
6. Close
Closing the incident and recording the corrective actions, as well as the specific measures to be taken to reduce the possibility of the incident recurring.
7. Reporting
Extract reports for all security events based on specific KPIs (e.g. number of events in a specific period, number of incidents in a specific period, number of recurrent incidents, average response time for specific incidents, etc.).
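As an added example (not part of the original article or of any PRIORITY product), the Python sketch below maps the seven steps above onto code: it reads constructed authentication log lines, opens a record once a source reaches an assumed failure threshold (a security event, as in the failed-login example), re-categorizes it as an incident under an assumed rule (a successful login from the same source after the burst), and produces the counts and average response time named in the Reporting step.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed sample authentication log lines (not from any real system).
LOG_LINES = [
    "2024-05-01T10:00:01 FAIL user=alice src=10.0.0.5",
    "2024-05-01T10:00:03 FAIL user=alice src=10.0.0.5",
    "2024-05-01T10:00:05 FAIL user=alice src=10.0.0.5",
    "2024-05-01T10:00:30 FAIL user=bob src=10.0.0.9",
    "2024-05-01T10:00:32 FAIL user=bob src=10.0.0.9",
    "2024-05-01T10:00:34 FAIL user=bob src=10.0.0.9",
    "2024-05-01T10:00:40 OK   user=bob src=10.0.0.9",
]
FAIL_THRESHOLD = 3  # assumed rule: this many failures from one source opens a record

@dataclass
class Record:
    src: str
    user: str
    opened: datetime
    category: str  # "event" (no breach) or "incident" (breach)
    priority: str
    closed: Optional[datetime] = None

def parse(line):
    ts, outcome, user, src = line.split()
    return datetime.fromisoformat(ts), outcome, user.split("=", 1)[1], src.split("=", 1)[1]

def detect_and_register(lines):
    """Steps 1-4: detect a failed-login series, register it, categorize, prioritize."""
    fails = defaultdict(list)
    records = {}
    for line in lines:
        ts, outcome, user, src = parse(line)
        if outcome == "FAIL":
            fails[src].append(ts)
            if len(fails[src]) == FAIL_THRESHOLD:  # series of failures: security event
                records[src] = Record(src, user, ts, "event", "low")
        elif outcome == "OK" and src in records:
            # Assumed rule: a success after a failure burst is treated as a breach,
            # so the record becomes an incident and is prioritized high.
            records[src].category, records[src].priority = "incident", "high"
    return list(records.values())

def close(record, when_iso):
    """Step 6: close the record at the given ISO-8601 timestamp."""
    record.closed = datetime.fromisoformat(when_iso)

def kpi_report(records):
    """Step 7: event/incident counts and average response time of closed incidents."""
    incidents = [r for r in records if r.category == "incident"]
    closed = [r for r in incidents if r.closed]
    avg = sum((r.closed - r.opened).total_seconds() for r in closed) / len(closed) if closed else 0.0
    return {"events": len(records) - len(incidents), "incidents": len(incidents), "avg_response_s": avg}
```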

Do you want to discuss your needs and have us provide the right solutions?

She holds a BSc in Computer Science from the University of Crete and an MSc in International Marketing from the University of London. She is experienced in auditing management systems and has worked for more than a decade in an international group of companies, specializing in Sales, Marketing and Corporate Communication.
Lilly Mylona
Sales Director

Contact with

Mrs. Lily Mylona,

Sales Director, PRIORITY


T. 210 2509900