Incident Response: the road from a Security Policy to automated trace-back mechanisms

Incident Response has always been perceived as a very important issue in every Corporate Security Policy. Every security incident has to be treated differently according to many different factors that define its significance, magnitude and effects. In this context, many Incident Response best practices were developed and adopted in corporate or legal frameworks and standards. On the other hand, Digital Forensics and trace-back mechanisms are considered to be the ultimate technical solution for holding attackers accountable for their actions. This paper presents a complete management framework and a structured methodology for efficiently respond to security incidents. Furthermore, it proposes an approach to effectively mirror specific management and policy issues to certain technical mechanisms in order to reach to the actual attacker. Finally, new challenges, open issues and the changing focus from corporate environments to ordinary users are presented, hoping to drive heavy research in this very prosperous field in Information Security.