Title of invention: INFORMATION TECHNOLOGY INCIDENT RESPONSE AND INVESTIGATION SYSTEM AND METHOD
Abstract: A method of responding to an information technology related incident. The method having the steps of receiving a security alert (54), the security alert being displayed on an incident response and investigation system (58) for analysis by an administrator; documenting the incident (56) based on information contained in the security alert; opening an investigation file (64) to administrate investigation of the incident; collecting items of electronic evidence and maintaining the evidence in an electronic evidence database associated with the investigation file (66). An incident response and investigation system is also disclosed. The system having an incoming security alert administration function for receiving and analyzing security alerts, each security alert containing information related to an event (106), the event being related to an information technology policy of an organization; an incident administration function for creating an incident file to document the event; and an investigation administration function for administering an investigation of the event documented in the incident file (158).
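Application publication number: CA2386109(A1) Application publication date: 2001.04.12
Application number: CA20002386109 Application date: 2000.05.31
Applicant: SECURITY AUTOMATION INCORPORATED Inventor: DAUGSTRUP, MICHAEL H.
Classification number: G06F21/55;(IPC1-7):G06F13/00 Main classification number: G06F21/55
Agency: Agent:
Principal claim:
Address: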