The following information was submitted:
Transactions: WSEAS TRANSACTIONS ON COMPUTERS
Transactions ID Number: 29-644
Full Name: Pavel Kácha
Position: Researcher
Age: ON
Sex: Male
Address: Zikova 4, 160 00 Praha 6
Country: CZECH REPUBLIC
Tel: +420224355297
Tel prefix:
Fax:
E-mail address: ph@cesnet.cz
Other E-mails:
Title of the Paper: Adapting the Ticket Request System to the Needs of CSIRT Teams
Authors as they appear in the Paper: Pavel Kácha
Email addresses of all the authors: ph@cesnet.cz
Number of paper pages: 11
Abstract: CSIRTs (Computer Security Response Teams) are the natural response to widespread internet threats. Many of them have grown out of small but focused groups of people, by streamlining and expanding what they had already been doing as part of their IT administrative work. Formalisation of procedures and workflows brings the need for specialised tools that help with incident categorisation, authorisation of incident origin and general workflow. Also, the special nature of incoming report emails introduces new issues to otherwise well-known spam and backscatter fighting methods. Besides low-level know-how, higher-level statistical analyses for pinpointing potential threats and trends are also an important part of security team practices. This paper proposes approaches to these problems and describes their implementation as modifications and supportive applications for the Open Ticket Request System (OTRS), as well as experience from usage in a real-world medium-sized security team.
Keywords: otrs, csirt, cert, security incident, metadata, issue management, Bayesian analysis, antispam, backscatter, statistics
EXTENSION of the file: .pdf
Special (Invited) Session: OTRS: Streamlining CSIRT Incident Management Workflow
Organizer of the Session: 620-205
How Did you learn about congress:
IP ADDRESS: 195.113.134.228