Frano Santiago Capeta Mondoñedo, Carlos Miguel Franco Del Carpio
DOI: 10.59427/rcli/2024/v24cs.2273-2280
The identification of cyber attacks is not an exact subject; it requires technical capabilities, adequate technological tools, practical skills for the on-site identification of an attack in progress and, above all, a proactive operating model for what to do during and after being targeted. With regard to cybercriminals, the focus is normally on the deployment and implementation of a tool, be it a firewall, a WAF or other complementary ones. This generates a false sense of security which, combined with the lack of an operating model for the identification and management of cyberattacks, increasingly causes SMEs to suffer consequences of all kinds, consequences that could be avoided if a set of procedures (an operational and proactive model) were applied. Additionally, SMEs are not fully aware of the causes and consequences that a cyber attack can bring to the organization, and only after having been affected do they become aware of its importance. The proactive model presented, however, proposes activities before (preparation activities), activities during (identification and correct characterization) and activities after (return to normality, research and identification of the vector). These activities have been conceptualized and proposed in such a way that they can serve as a practical guide or checklist, which will allow the responsible professional to simplify their work and, above all, avoid having to search in various sources, often contradictory to each other, in order to be able to act as quickly and efficiently as possible. This will benefit the organization the professional serves and at the same time will allow the professional to gain experience and knowledge about the correct way to act in the event of a cybersecurity incident. Although it is true that the proposed model is not the only way to deal with an incident, the model is characterized by being proactive and allowing the definition of a set of prior tasks, which contribute to the provision of preventive cybersecurity measures that contain an attack in its early stages, giving the necessary time for it to be identified and for greater measures to be deployed and losses avoided.
Pages 2273-2280, 31 Dec