Digital Trail Analyzing System

Pokó István <>
Seacon Europe Kft.


First I would like to introduce some information security problems, and in relation to these problems I will outline the compelling circumstances that can influence a company's risk management and incident management.

In the current information security climate, a good incident handling solution should be part of every information system. Information networks, as part of information systems, face a range of internal and external attacks that can be countered with different kinds of protection, above all preventive and detective controls. I would like to introduce a detective solution. To detect incidents, we first have to identify and define the critical systems that have to be monitored, and then select the digital trails (logs) that have to be collected from them.

The range of log data available from a company's information systems keeps broadening. With proper processing and analysis of this log data you can produce signals, warnings and alerts that reveal internal and external attacks and abuses, and you can also gather evidence on compliance issues.

The main tasks of a digital-trail analyzing system are to collect the various „digital trails” created by the different types of information systems, to supervise and control that collection, to reveal irregularities by processing the source data, to find threats and possible abuses, and to support the prevention of such events by analyzing hidden contexts and long-term patterns.

When planning the implementation of a digital-trail analyzing system, it is practical to follow a principle that says: collect all the relevant events into one large, common event space, where their meaning and context can be interpreted by automated processes and the results are readable and meaningful for humans.
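As an added illustration of this principle (not code from the presentation or from Seacon Europe), here is a small Python sketch of a common event space: two source-specific parsers map constructed sshd and Apache log lines into one schema, and a correlation rule then runs over the merged, time-ordered stream. The log lines, the failure threshold, the year assumed for the syslog timestamps and the rule that a POST to /login counts as a login attempt are all assumptions made for the example.

```python
"""Common event space for heterogeneous logs: normalize, then correlate.

All sample data below is constructed for this example; the source formats,
the schema and the detection rule are illustrative assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common schema: ts (naive datetime, assumed UTC), source, src_ip, user,
# action ("login" | "request"), outcome ("success" | "failure"), raw
YEAR = 2024  # assumption: syslog lines carry no year, so one is fixed here

SSHD_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d+) (?P<time>[\d:]+) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+)"
)
APACHE_RE = re.compile(
    r'^(?P<ip>[\d.]+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>\S+) '
    r'(?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def parse_sshd(line):
    """Map an OpenSSH auth line into the common schema, or None if no match."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{YEAR} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    outcome = "success" if m["outcome"] == "Accepted" else "failure"
    return {"ts": ts, "source": "sshd", "src_ip": m["ip"], "user": m["user"],
            "action": "login", "outcome": outcome, "raw": line}

def parse_apache(line):
    """Map an Apache combined-format line into the common schema, or None."""
    m = APACHE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None)
    status = int(m["status"])
    if m["method"] == "POST" and m["path"] == "/login":  # assumption: the app's login endpoint
        action, outcome = "login", ("success" if status in (200, 302) else "failure")
    else:
        action, outcome = "request", ("success" if status < 400 else "failure")
    user = None if m["user"] == "-" else m["user"]
    return {"ts": ts, "source": "apache", "src_ip": m["ip"], "user": user,
            "action": action, "outcome": outcome, "raw": line}

PARSERS = [parse_sshd, parse_apache]

def normalize(lines):
    """Run every line through the parsers; return (time-ordered events, unparsed lines)."""
    events, unparsed = [], []
    for line in lines:
        for parse in PARSERS:
            ev = parse(line)
            if ev:
                events.append(ev)
                break
        else:
            unparsed.append(line)  # keep, so gaps in coverage stay visible
    events.sort(key=lambda e: e["ts"])
    return events, unparsed

def detect_bruteforce_success(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when one source IP accumulates >= threshold login failures, from
    any source, inside `window` before a successful login from the same IP."""
    failures = defaultdict(list)  # src_ip -> [(ts, source), ...]
    alerts = []
    for ev in events:
        if ev["action"] != "login":
            continue
        ip = ev["src_ip"]
        if ev["outcome"] == "failure":
            failures[ip].append((ev["ts"], ev["source"]))
            continue
        recent = [(t, s) for t, s in failures[ip] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({"src_ip": ip, "user": ev["user"], "ts": ev["ts"],
                           "failures": len(recent), "sources": sorted({s for _, s in recent})})
            failures[ip].clear()  # do not re-alert on the same burst
    return alerts

def analyze(lines):
    events, unparsed = normalize(lines)
    return events, unparsed, detect_bruteforce_success(events)

# Constructed sample: two sshd failures and one web login failure from the same
# address, a benign web request, one sshd success, and one line no parser covers.
SAMPLE_LOGS = [
    "Mar 10 10:01:05 bastion sshd[4012]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2",
    "Mar 10 10:01:20 bastion sshd[4013]: Failed password for deploy from 203.0.113.7 port 51030 ssh2",
    '203.0.113.7 - - [10/Mar/2024:10:01:50 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.1"',
    '198.51.100.4 - - [10/Mar/2024:10:01:55 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    "Mar 10 10:02:10 bastion sshd[4015]: Accepted password for deploy from 203.0.113.7 port 51041 ssh2",
    "Mar 10 10:02:11 bastion cron[77]: (root) CMD (run-parts /etc/cron.hourly)",
]

if __name__ == "__main__":
    events, unparsed, alerts = analyze(SAMPLE_LOGS)
    print(f"{len(events)} events normalized, {len(unparsed)} lines unparsed")
    for a in alerts:
        print("ALERT:", a)
```

The point of the merged stream shows in the numbers: the sshd log alone holds two failures and the web log one, so neither source on its own reaches the threshold of three, while the common event space does. The unparsed-line list is worth keeping as its own output, since lines that silently fall outside the schema are exactly where monitoring coverage quietly ends.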

In my presentation I would like to review the working method, the typical structure, the usefulness, the opportunities and the implementation methodology of such a system.

Draft:

- Introduction

- Incident handling via the critical systems

- Digital trail

- Working method

- Logical and physical structure

- Working processes

- Opportunities

- Implementation and operation problems