Organizations and businesses now rely on information systems for their daily business activities, which increases their risk of exposure to security attacks. Protecting information assets while maintaining stable business operations and providing continuous services is therefore a significant issue for many organizations and companies. Companies implement measures to monitor and manage security incidents and to identify the threats and causes behind malicious security attacks. So that information within a company's operating environment remains secure and the response processes adopted are in line with the security policy, specialists in security operation centers follow that policy when taking action after they receive a warning of a security attack or suffer an incident.
Information security management (“ISM”) involves complex processes, encompassing the judgment and filtering of security incidents at the front end and the security actions taken at the back end of the ISM procedure. Prevention is better than cure: the key to stopping security attacks lies in front-end judgment and filtering, where the most important control point is the threshold value of the collection rule. If the threshold value is not set appropriately, specialists are either weighed down by processing security attack problems or cannot track the real-time status of the information environment, which means companies face a high risk of security problems.
Through observation of current practice, this study aims to objectively summarize reasonable threshold values derived from the data gathered and then proposes automated threshold values. These values serve as a reference for security incident reporting. A company could refer to them when setting its own threshold values so that it can manage and resolve its security incidents immediately and efficiently.