Knowledge management for information security incident handling at Security Operation Center of Jakarta Provincial Government

Abstract

Information security incidents have increased in number and become more diverse and destructive and disrupt service availability. An incident management system is needed to detect and handle information security incidents quickly, minimize losses, reduce exploited vulnerabilities and restore infrastructure, including services. An incident management system needs to be managed with a Security Operations Center (SOC). The use of tacit knowledge has been shown to help accelerate problem-solving in SOC better than experience by adopting strategies that have been used previously. The application of knowledge management in SOC has become a basic need. An organization's ability to manage existing knowledge is a necessary strength to be able to survive in the face of incessant cyber-attacks. This study aims to examine the process of capturing tacit in SOC so that it can be used to analyze and deal with cyber threats and to lay the foundation for implicit knowledge management in organizations to increase the efficiency of work methods and processes responding to incidents efficiently and systematically.