Võrgus olev õppus tehnilise spetsialisti küberintsidendi raporteerimisoskuse individuaalseks hindamiseks ja parendamiseks
Files
Date
2018
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
Küberintsidentide dokumenteerimise ja raporteerimise õppimiseks väljaspool tootmiskeskkonda sobivad olemasolevad meeskondade vahelised mastaapsed küberõppused. Paraku on paljudes väikefirmades vähe ressursse ning üksikud IT lahenduste eest vastutavad ning neil puudub võimalus sellistel suurõppustel osaleda.Käesolev töö on loodud tehniliste spetsialistide küberintsidentide raporteerimisoskuse individuaalseks hindamiseks ja parendamiseks. Töö sisaldab nõudeid, mis kaasnevad võrgus oleva küberintsidendi raporteerimise õppuse loomisega, samuti lühiülevaadet alates 2018 a. 25. maist Euroopa Liidus kehtivast isikuandmete kaitse määrusest käesoleva õppuse raames. Töös keskendutakse üksikisiku jaoks küberintsidendi raporteerimise õppuse loomise protsessile ning sellega kaasnevatele väljakutsetele. Töös analüüsitakse küberõppuse hindamismetoodikaid ning pakutakse, testitakse ja analüüsitakse uut küberintsidendi raporti hindamissüsteemi. Samuti pakutakse üks potentsiaalne küberintsidendi raporti standardi mall.Loodud õppus koos genereeritud hindamissüsteemiga võimaldab üksikisikul Interneti vahendusel, väheste ressurssidega, hinnata ning parendada küberintsidendi raporteerimise oskust. Käesoleva töö raames loodi õppus mille eesmärk on andmelekke tuvastamine võrgulogidest. Produtseeritud hindamismetoodika on universaalne ning mõõduka vaevaga rakendatav ka teist tüüpi küberintsidentide raporteerimise õppuste loomisel.
Existing large-scale team based cyber exercises are well suitable for learning cyber incident documenting and reporting outside the production environments. However, taking part in these big exercises is not an option for many small companies with very limited resources, with only few persons responsible for IT solutions. This thesis is produced to evaluate and improve individual technical specialists’ cyber incident reporting skills. Thesis introduces the requirements that are involved with creating online cyber incident reporting exercises. Also, in the context of this exercise, a short review is provided regarding the EU general data protection regulation, active from 25th of May 2018. Thesis also focuses on the process and challenges included with creating a cyber-incident reporting exercise for individuals. Thesis analyzes cyber security exercise evaluation methods and a new cyber incident report scoring method is produced, tested, and analyzed. Possible standard for cyber incident report template is presented. The created exercise with generated evaluation system enables indi-viduals to evaluate and improve their cyber incident reporting skills individually online with low resources. An exercise, with the goal of discovering a data leak from network traffic, was created for this thesis. The produced cyber incident report scoring method is versatile, so that other types of cyber incident reporting exercises can be created upon it, with medium effort.
Existing large-scale team based cyber exercises are well suitable for learning cyber incident documenting and reporting outside the production environments. However, taking part in these big exercises is not an option for many small companies with very limited resources, with only few persons responsible for IT solutions. This thesis is produced to evaluate and improve individual technical specialists’ cyber incident reporting skills. Thesis introduces the requirements that are involved with creating online cyber incident reporting exercises. Also, in the context of this exercise, a short review is provided regarding the EU general data protection regulation, active from 25th of May 2018. Thesis also focuses on the process and challenges included with creating a cyber-incident reporting exercise for individuals. Thesis analyzes cyber security exercise evaluation methods and a new cyber incident report scoring method is produced, tested, and analyzed. Possible standard for cyber incident report template is presented. The created exercise with generated evaluation system enables indi-viduals to evaluate and improve their cyber incident reporting skills individually online with low resources. An exercise, with the goal of discovering a data leak from network traffic, was created for this thesis. The produced cyber incident report scoring method is versatile, so that other types of cyber incident reporting exercises can be created upon it, with medium effort.