Estructuración de ataques informáticos por medio de playbooks

John Freddy  Quintero Tamayo; Yenny Stella  Nuñez Alvarez; Nelly Alexandra  Cuevas Nuñez

doi:10.22490/25394088.7498

Vol. 17 No. 4 (2023): Edición especial Expotech

Published 2023-12-11

license

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

When the Publicaciones e Investigaciones Journal receives an original study or article from its author(s), whether by email, postal service, or the platforms available for said purpose, know that it may be published in physical or electronic formats in national or international archives, databases, or SIRES. As such, Publications and Research authorizes the reproduction and citation of said material, provided that the description of information is carried out in conformity with bibliographic norms, and mention the corresponding names, authors, article, issue, and pages. Publications and Research, in advance, expresses that the information, concepts, and methods are the responsibility of the author(s). As such, the UNAD does not have any influence whatsoever over that expressed in the manuscript.

Original article

Structuring of computer attacks through playbooks

DOI: https://doi.org/10.22490/25394088.7498

John Freddy Quintero Tamayo Universidad Nacional Abierta y a Distancia

Yenny Stella Nuñez Alvarez Universidad Nacional Abierta y a Distancia

Nelly Alexandra Cuevas Nuñez Universidad Nacional Abierta y a Distancia

PDF (Spanish)

XML (Spanish)

Abstract
References

This project proposes the need to establish a knowledge database that provides guidance for responding to cybersecurity events or incidents that may arise within the University or involve any of its stakeholders or target communities. The initiative aims to enhance the University's cybersecurity capabilities and ensure a prompt and effective response to potential cyber threats within its community and beyond. By leveraging collective knowledge, the database will become a valuable resource to protect and safeguard the University's digital environment.

The purpose is to strengthen preparedness and response to computer incidents, fostering coordination among involved parties and target communities. Additionally, this project represents a significant step towards establishing a Computer Security Incident Response Team (CSIRT) Center, enabling the University to proactively and efficiently address security challenges in a constantly evolving technological environment. The structuring of a computer attack is crucial within the operation of groups responsible for generating responses to these incidents, which is why the playbooks will include attack descriptions, system impact, tools used for containment, resolution, and recommendations.

The project addresses the automation of playbooks managed by the academic CSIRT of the National Open University and Distance Learning (UNAD) using the GLPI tool.

keywords: Learning, database, knowledge, processes, response, computer attacks

Costo de una filtración de datos 2023 | IBM. (s. f.). Recuperado 20 de octubre de 2023, de https://www.ibm.com/mx-es/reports/data-breach

Dansimp. (2023, abril 24). Incident response playbooks. https://learn.microsoft.com/en-us/security/operations/incident-response-playbooks

Directrices y sus desafíos en la implementación del CSIRT en Ecuador | SpringerEnlace. (s. f.). Recuperado 20 de octubre de 2023, de https://link.springer.com/chapter/10.1007/978-3-030-63665-4_19

ESP-Manual-de-Supervision-de-riesgos-ciberneticos-para-juntas-coporativas.pdf. (s. f.-a). Recuperado 20 de octubre de 2023, de https://www.oas.org/es/sms/cicte/docs/ESP-Manual-de-Supervision-de-riesgos-ciberneticos-para-juntas-coporativas.pdf

ESP-Manual-de-Supervision-de-riesgos-ciberneticos-para-juntas-coporativas.pdf. (s. f.-b). Recuperado 20 de octubre de 2023, de https://www.oas.org/es/sms/cicte/docs/ESP-Manual-de-Supervision-de-riesgos-ciberneticos-para-juntas-coporativas.pdf

Evolución del sistema de gestión de incidentes de seguridad orientado a CSIRT de la UNLP-Ngen. (s. f.). Recuperado 20 de octubre de 2023, de http://sedici.unlp.edu.ar/handle/10915/154923

Falta de profesionales en ciberseguridad: Una brecha que crece. (s. f.). Recuperado 20 de octubre de 2023, de https://www.welivesecurity.com/la-es/2020/11/03/falta-profesionales-ciberseguridad-brecha-que-crece/

Fauziyah, F., Wang, Z., & Joy, G. (2022). Knowledge Management Strategy for Handling Cyber Attacks in E-Commerce with Computer Security Incident Response Team (CSIRT). Journal of Information Security, 13(4), Article 4. https://doi.org/10.4236/jis.2022.134016

Gallo, J. F. G. (s. f.). INFRAESTRUCTURAS CRÍTICAS CIBERNÉTICAS EN COLOMBIA.

Guia-CSIRT 2023 ESP Digital.pdf. (s. f.). Recuperado 20 de octubre de 2023, de https://www.oas.org/es/sms/cicte/ciberseguridad/publicaciones/Guia-CSIRT%202023%20ESP%20Digital.pdf

Haidar, M., Sucahyo, Y. G., Sukardi, T., & Gandhi, A. (2021). Analysis of Csirt Services in Facing Cyber Security Challenges in Indonesia. 2021 4th International Conference on Information and Communications Technology (ICOIACT), 154-159. https://doi.org/10.1109/ICOIACT53268.2021.9563925

Hollenberger, J. (2023, mayo 2). A Guide to Incident Response Plans, Playbooks, and Policy | CISO Collective. Fortinet Blog. https://www.fortinet.com/blog/ciso-collective/incident-response-plans-playbooks-policy

ITIL | IT Service Management | Axelos. (2019). https://www.axelos.com/certifications/itil-service-management

MITRE ATT&CK®. (2023). https://attack.mitre.org/

OEA. (2009, agosto 1). OEA - Organización de los Estados Americanos: Democracia para la paz, la seguridad y el desarrollo [Text]. OEA - Organización de los Estados Americanos. https://www.oas.org/es/centro_noticias/comunicado_prensa.asp?sCodigo=AVI-095/20

Pargar, F., Kujala, J., Aaltonen, K., & Ruutu, S. (2019). Value creation dynamics in a project alliance. International Journal of Project Management, 37(5), 716-730. https://doi.org/10.1016/j.ijproman.2018.12.006

Pascual, D. (2021, mayo 18). El libro de jugadas del adversario activo 2021. Sophos News. https://news.sophos.com/es-419/2021/05/18/el-libro-de-jugadas-del-adversario-activo-2021-2/

Scarone, K. (2023). How to create an incident response playbook | TechTarget. Security. https://www.techtarget.com/searchsecurity/tip/How-to-create-an-incident-response-playbook

Tang, R. T. (2021). (14) Cyber Security Playbook for SOCs #10 | LinkedIn. https://www.linkedin.com/pulse/cyber-security-playbook-socs-10-ricky-tang/?trk=pulse-article_more-articles_related-content-card

Thangavelu, M., Krishnaswamy, V., & Sharma, M. (2021). Impact of comprehensive information security awareness and cognitive characteristics on security incident management – an empirical study. Computers & Security, 109, 102401. https://doi.org/10.1016/j.cose.2021.102401

yelevin. (2023, junio 21). Automatización de la respuesta a amenazas con cuadernos de estrategias en Microsoft Sentinel. https://learn.microsoft.com/es-es/azure/sentinel/automate-responses-with-playbooks

Zurkus, K. (2018, octubre 8). Does Your SOC Have a Security Playbook? Security Intelligence. https://securityintelligence.com/does-your-soc-have-a-security-playbook/

license

How to Cite

Quintero Tamayo, J. F. ., Nuñez Alvarez, Y. S. ., & Cuevas Nuñez, N. A. . (2023). Structuring of computer attacks through playbooks. Publicaciones E Investigación, 17(4). https://doi.org/10.22490/25394088.7498

Download Citation

Almétricas