Specifics of incident response within spatially distributed automated information systems
Abstract
Incoming article date: 04.03.2025
Spatially distributed automated information systems have become an integral part of modern organizations. They are used in various spheres, including medicine, energy, finance, communications and governance. The number of information security incidents is increasing every year. The purpose of this study is to increase the efficiency of measures taken to plan and implement responses to information security incidents. Analysis and synthesis of publicly available materials were applied as research methods. The article presents the results of an analysis of modern spatially distributed automated information systems and the specifics of information security incident response. Examples of spatially distributed automated information systems that are used in different countries around the world are presented. Models for organizing the work of support teams (response teams), including centralized, follow-the-sun and hybrid, are presented. The following factors are proposed for consideration when planning and implementing information security incident response measures: the model used to organize the work of the response team; the number of independent communication channels in use; the recovery time objective; the recovery point objective; and limitations of the response area in automatic mode.
Keywords: response measure, response team, cyber attack, computer network, communication channel