Security Policies Incident Response Plans

No Security Information and Event Management (SIEM) system to collect and manage security logs 

Risk Description

Without a SIEM system it is harder to detect attacks, investigate incidents, anticipate risks and comply with security rules, leaving the system less secure. 

Existing Controls

Basic Documentation  

Risk Mitigation Policy

  1. Install a SIEM system and connect it to all network equipment and servers.   
  2. Check the logs regularly (daily) for suspicious activity. 
  3. Use simpler tools to collect and review logs from the different systems. 
  4. Create automatic alerts for unusual activity, such as failed logins or strange network traffic.  
  5. Periodically review the security systems to make sure logs are being handled properly.  
  6. Create a clear plan for responding to security issues.  
  7. Make sure logs are stored securely and retained for the right amount of time.  
  8. The security specialist should be trained in Incident Response, Digital Forensics and SOC Analysis to deal with the different types of alert messages.   
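As an added illustration of mitigation item 4 (example code, not part of the UTAS-SUR policy): a minimal detection rule that raises an alert when one source address produces repeated failed SSH logins within a short window. The log lines are constructed for the example; the threshold and window values are assumptions to be tuned per environment.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample syslog lines (not from any real system): three failed
# logins from one host inside two minutes, plus one isolated failure elsewhere.
SAMPLE_LOG = """\
2024-03-01T08:00:05 srv1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
2024-03-01T08:00:41 srv1 sshd[2214]: Failed password for root from 203.0.113.7 port 51030 ssh2
2024-03-01T08:01:12 srv1 sshd[2219]: Accepted password for alice from 198.51.100.4 port 40112 ssh2
2024-03-01T08:01:50 srv1 sshd[2223]: Failed password for root from 203.0.113.7 port 51044 ssh2
2024-03-01T09:30:00 srv2 sshd[3101]: Failed password for bob from 198.51.100.9 port 40200 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def parse_failed_login(line):
    """Return (timestamp, host, user, src) for a failed sshd login line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), m["host"], m["user"], m["src"])

def detect_failed_login_bursts(log_text, threshold=3, window_seconds=300):
    """Alert when one source IP produces >= threshold failures inside the window.

    A sliding window per source means a slow trickle spread over hours does
    not fire, while a burst does. Returns at most one alert per source.
    """
    events = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_failed_login(line)
        if parsed:
            ts, host, user, src = parsed
            events[src].append((ts, host, user))
    alerts = []
    for src, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Advance the window start until the span fits within window_seconds
            while (hits[end][0] - hits[start][0]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({"src": src, "count": end - start + 1,
                               "users": sorted({u for _, _, u in hits[start:end + 1]}),
                               "first": hits[start][0], "last": hits[end][0]})
                break
    return alerts
```

In a SIEM this same logic is expressed as a correlation rule; the point is that the alert carries the source, the window and the accounts tried, which is what the initial report in the response procedure needs.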

Location/Contact Person details

The chairman of risk management sub-committee in UTAS-SUR
Dr. Sami Al-Batashi, Phone: +968 9293 9604
Email: sami.albattashi@utas.edu.om

Risk Management Authority

Risk Management Committee in UTAS-SUR

Risk Likelihood

High

Risk Impact

High

Risk Level

High

Risk Incident Response Procedures

  1. Analyze the logs to trace the attack or the suspicious activity.  
  2. Write an initial report describing the security attack, including the source of the attack, the time, which systems and data were affected, the victim files, and the vulnerabilities exploited to carry out the attack.  
  3. Containment, eradication and recovery, to restore the network and services to their former functionality.  
  4. Activate automatic alerts when any hacking attempt or unusual activity is detected.  
  5. Improve the incident response plan to prevent and deal with similar attacks in the future.   

Risk Termination

By sending the final report explaining the causes of the problem and how we can mitigate it next time.