Strategy to develop a system for Cyber Emergency Response on the Internet
All events in the field of security, for example vulnerabilities, live compromises, the identification of attacks, or the analysis of an event's cause, take the flow of information as their basis and starting point.
Information flow control
This process or cycle completely defines the whole model and the way different systems, services, and infrastructures function and operate. When reacting to a cyber emergency, whether the aim is to find the person responsible or to reach a solution and apply it to get out of the situation, it is preferable to use logic as a control over the entire flow of information. We will then automatically understand where a disconnection, deviation, or copy of communication has occurred in the information flow. All system development life cycle (SDLC) and application models provide for and consider the flow of information in the context of adapting to and meeting the requirements of the client or user.
Legal countermeasures are divided into two categories, presented as follows:
- Incident prevention and
- Response or reaction to the incident
Starting with the legal countermeasures for incident prevention, the first step is a general assessment of the vulnerability, which produces certain actions in the infrastructure as preventive countermeasures: completing patching for all users, removing malicious code, and removing vulnerabilities from the operators of the system. Second is the banning or blocking of misused systems by identifying and removing misused channels and websites abroad. Third, and an important process, is the return or restoration of a reliable website, which requires the provision of information and appropriate treatment.
Continuing further, we reach the legal countermeasures for response to the incident. Response always starts with the announcement of the incident, which triggers the organization of the professional research group. Second is cause analysis and data dissemination, to investigate the potential causes that led to the incident, together with data storage. Third and most important is the management or treatment of the incident, involving the restriction of access, the anticipation of incidents, and warning systems.
Everyone in the Internet environment has an important role: end users, internet service providers, government agencies, and so on. For the Internet environment to be as secure as possible, the cooperation and commitment of all these parties is necessary to prevent the threats being made against this communication space. As a result of this cooperation, the level of security of the country’s critical infrastructure would be improved.
The end user may be a victim or an attacker at the same time; therefore greater commitment is required in educating end users on safe use of the internet and on exceptional care in the face of the risks that arise. Agencies can contribute through the development of information analysis, the requirement to disable access to certain suspicious locations, and the development and distribution of training programs; the provision of forecasting and warning systems is mandatory.