Cybersecurity incident management using Open-Source Ticket Request System (OTRS)
Date Issued
2022-09-23
Author(s)
Saifouridzal Jamil
Abstract
Cyber-attacks are becoming more sophisticated and prevalent. Consequently, organisations should have a strong incident management procedure in place. The OTRS is a comprehensive ticketing system for monitoring and tracking incident occurrences, while the SOC is crucial because it discovers, analyses, and responds to security issues. Combining these two systems can be challenging and demands careful preparation and execution. Some integration results show that real-time threat intelligence integration lacks real-time event correlation, alert prioritization is inadequate, scalability and performance are constrained, and incident coordination and collaboration are ineffective. By overcoming these challenges, organizations can improve this collaboration and increase incident management effectiveness, visibility and monitoring capabilities, and compliance with industry laws. This study explores the use of an OTRS for incident management by a SOC. The design and implementation phase introduces a SOC Commander, a rebranded and augmented OTRS tailored for cybersecurity incident management. The SOC Commander emerges as a powerful solution addressing incident prioritization, scalability, and coordination inefficiencies. It aligns seamlessly with the identified problem statements, revolutionizing incident management techniques. Through qualitative techniques including interviews and data simulation, major stakeholders in incident response offer profound insights. This study lays the groundwork for a resilient incident response framework, enhancing cyber resilience against modern threats. The Multi-Tiered Incident Response Framework's tiered approach, synchronized incident handling, and real-time communication tools promise efficient incident management across layers.
File(s)
Name
CYBERSECURITY INCIDENT MANAGEMENT.pdf
Size
26.62 MB
Format
Adobe PDF
Checksum
(MD5):24756fddb1f70147806fbb2b08765e3d
