AUTOMATIC INCIDENT MONITORING AND RESPONSE FRAMEWORK: BEST PRACTICES FOR SMALL AND MEDIUM-SIZED ENTERPRISES
Abstract
In today's digital landscape, small and medium-sized enterprises (SMEs) often rely on limited internal resources or external assistance for incident response. While larger corporations often adhere to standards such as ISO 2700x, SMEs face unique challenges in adapting to rapidly evolving cyber threats. Automated incident monitoring and response systems have become essential for protecting sensitive information, maintaining business continuity, and ensuring regulatory compliance. However, most existing security monitoring and incident handling platforms are costly, insufficiently automated, and require highly skilled personnel, making them impractical for SMEs. This research proposes a framework that addresses these challenges by integrating log data from existing monitoring systems with modern, automated incident response techniques. Designed to be cost-effective and user-friendly, the proposed solution enables SMEs to develop and implement an automated monitoring and response system without extensive resources or expertise. By offering a practical, accessible approach to cybersecurity, this framework aims to enhance SMEs' ability to defend their information systems, fostering a proactive and self-sufficient information security posture.
Keywords
automation, detection, incident response, monitoring, SME, threat