Picture above shows high level incidents classification.
Part of IT Security is also set of policies and procedures called “Incident response process“.
Several examples of security breach, which require incident response in place:
- unauthorized access to files or resources
- multiple account lockouts
- password security compromise
- malicious traffic detection
- malware infection
- missing audit log files
- altered audit trail records
Data for these visuals were collected from undisclosed incident management tool and anonymized during the process.
Scope of incidents is always related to security. Community detection algorithm was used to spot similar issues and similar locations.
Dislocated nodes belongs to incidents which were not handled in timely manner / assigned to proper team.
Because of data confidentiality, further details are not disclosed.
Initial picture shows grouped edges which mean processed incidents. Nodes visible as blue dots stands for incidents which were not yet handled within the process.
Further only processed incidents are pictured. Nodes stands for IT functions taking care of particular part of incident management response.
Final view, which includes information about severity of security incident. Into severity of incident it was calculated also scope of the incident and risk. Darker the edge, the more severe issue it poses: