Security Incident Response System

The client

The client is Australia's leading IT service provider that specializes in helping its global customers plan, build and support their IT infrastructures. Its business operations cover over 30 countries located on 6 continents and mainly aim at Australian corporation and government organizations both locally and internationally.

What the client wanted

As a result of various intentional or natural factors, the network or infrastructures always suffered some incidents. If not handled in time, these incidents would possibly result in disasters; hence duly obtaining the incidents information in order to deal with the incidents quickly and effectively became the urgent affairs. The client required Abstract Technology to design a universal system which was used to report incidents and assign repair tasks to related engineers so to improve the efficiency of handling incidents.

The Security Incident Response System was developed to have different authorization roles such as manager, coordinator, internal engineer, external engineer and employee. After authenticated, any user could report a security incident to managers of the IR department by describing the incidents type, status, cause, nature, location, occurred time, detected time, and the person who detected it. After a manager viewed the report, he then classified the incident and assigned it to a coordinator. Once the coordinator received this incident, he would immediately assign the repair task to the most suitable internal/external engineers who would analyse and handle the incident; meanwhile, reports would be generated and mailed to appropriate users after each of the submitting. Furthermore, the functionalities of searching incidents and checking each incident's status would also be available.

Approach

Abstract Technology's engineers were involved in the complete life cycle of the development. The proven delivery model was successfully utilized in the development. The solution was built on Microsoft .NET 2003 and Windows 2003, and applied Application Building Blocks. The Windows Authorization Manager was used to realize the role-based security. The database was SQL Server 2000.

After deeply understanding the requirements, we began the architecture design and database design. This was a multi-layered system which included Presentation Layer, Business Layer, Data Access Layer and Data Layer in order to maximally separating concerns among components and allowing different developers to work on different parts of the solution with minimal dependencies on one another. Many great patterns had been adopted in each of the layer.

Since user interface logic tended to change more frequently than business logic, especially in Web-based applications, modularising the user interface functionality of a Web application was preferable way so that the user interface could be modified easily. For this reason, we adopted MVC (Model-View-Controller) pattern to separate the modelling of the domain, the presentation, and the actions in the design of Presentation Layer.

In the Data Access layer, a proven O-R Mapping framework, DAP, developed by our engineers was utilized. The DAP Framework was built with C# and designed to be an extensible and reusable package that could be freely deployed in any project developed with the programming languages that conformed to CLS (Common Language Specification). With the help of the DAP Framework, records in database table could be easily mapped to objects. The framework also provided functionalities of object caching, object states management, distributed transaction etc.

In the process of test, we implemented comprehensive test involving Function Test, Unit Test, Security Test, Integration Test, and Load Test to guarantee the quality of the system.

Benefits

• The time to marketing was slashed
• Improved the working efficiency
• Reduced the chance of accident
• A stable and scalable system was available

Download the complete case study Contact sales