Search results

Pertinent information sharing across various government agencies, as well as non‐governmental and private organizations, is essential to assess the incident situation, identify the needed resources for emergency response and generate response plans. However, each agency may have incident management systems of its choice with valuable information in its own format, posing difficulty in effective information sharing. Application‐to‐application sharing cross agency boundaries will significantly reduce human efforts and delay in emergency response. Information sharing from disparate systems and organizations, however, requires solving of the interoperability issue. The purpose of this paper is to present the UICDS™‐based resource sharing framework as a step toward addressing the afore‐mentioned challenges.

A prototype middleware system is developed using a standards‐based information sharing infrastructure called UICDS™ (Unified Incident Command and Decision Support™), an initiative led by the Department of Homeland Security (DHS) Science and Technology division. This standards‐based middleware, resource management plug‐in utilizes the ontology of organizational structure, workflow activities and resources, and the inference rules to discover and share resource information and interoperability from different incident management applications.

The middleware prototype implementation shows that the UICDS™‐based interoperability between heterogeneous incident management applications is feasible. Specifically, the paper shows that the resource data stored in the Resource Directory Database (RDDB) of the NJ Office of Emergency Management (NJOEM), Hippocrates of the New Jersey Department of Health and Senior Services (NJDHSS) can be discovered and shared with other incident management systems using the ontology and inference rules.

This study illustrates the possible solutions to the application to application interoperability problem using the DHS initiated interoperability platform called UICDS™.

The resource discovery and emergency response planning can be automated using the incident domain ontology and inference rules to dynamically generate the location‐based incident response workflows.

Recognizing the 9/11 attacks as a turning point in the history of American emergency management and response philosophies, this chapter examines the evolution to a standardized National Incident Management System (NIMS). This involved the movement from individual jurisdictional and agency autonomy to adoption of a multilayered system where all efforts are intended to support a response beginning and ending at the local level. This chapter discusses the overarching NIMS doctrine and its incumbent on-scene Incident Command System (ICS) for coordinating on-scene operations. The specific focus is the application to the NIMS and the ICS to law enforcement.

Collaborative-based national cybersecurity incident management benefits from the huge size of incident information, large-scale information security devices and aggregation of security skills. However, no existing collaborative approach has been able to cater for multiple regulators, divergent incident views and incident reputation trust issues that national cybersecurity incident management presents. This paper aims to propose a collaborative approach to handle these issues cost-effectively.

A collaborative-based national cybersecurity incident management architecture based on ITU-T X.1056 security incident management framework is proposed. It is composed of the cooperative regulatory unit with cooperative and third-party management strategies and an execution unit, with incident handling and response strategies. Novel collaborative incident prioritization and mitigation planning models that are fit for incident handling in national cybersecurity incident management are proposed.

Use case depicting how the collaborative-based national cybersecurity incident management would function within a typical information and communication technology ecosystem is illustrated. The proposed collaborative approach is evaluated based on the performances of an experimental cyber-incident management system against two multistage attack scenarios. The results show that the proposed approach is more reliable compared to the existing ones based on descriptive statistics.

The approach produces better incident impact scores and rankings than standard tools. The approach reduces the total response costs by 8.33% and false positive rate by 97.20% for the first attack scenario, while it reduces the total response costs by 26.67% and false positive rate by 78.83% for the second attack scenario.

Particularly since the 11 September terrorist attacks in the USA, much attention has been given to the development and implementation of incident management systems (IMS). The IMS is a tool for marshalling pre‐identified and pre‐assembled resources to respond to an emergency or disaster. IMS is particularly useful when personnel and resources from many agencies and jurisdictions are required to manage large incidents successfully. While many IMS have been devised over the years, their use remains intermittent. This paper traces the evolution of IMS, reviews how it can be integrated into jurisdictional emergency and disaster management, and specifies the structures that are used in most incident management systems at the municipal level.

The need to develop effective approaches for responding to healthcare incidents for the purpose of learning and improving patient safety has been recognised in current national policy. However, research into this topic is limited. This study aims to explore the perspectives of professionals in mental health trusts in England about what works well and what could be done better when implementing serious incident management systems.

This was a qualitative study using semi-structured interviews. In total, 15 participants were recruited, comprising patient safety managers, serious incident investigators and executive directors, from five mental health trusts in England. The interview data were analysed using a qualitative-descriptive approach to develop meaningful themes. Quotes were selected and presented based on their representation of the data.

Participants were dissatisfied with current systems to manage serious incidents, including the root cause analysis approach, which they felt were not adequate for assisting learning and improvement. They described concerns about the capability of serious incident investigators, which was felt to impact on the quality of investigations. Processes to support people adversely affected by serious incidents were felt to be an important part of incident management systems to maximise the learning impact of investigations.

Findings of this study provide translatable implications for mental health trusts and policymakers, informed by insights into how current approaches for learning from healthcare incidents can be transformed. Further research will build a more comprehensive understanding of mechanisms for responding to healthcare incidents.

The purpose of this paper is to present the challenges and gaps in using an electronic adverse incident recording and reporting system from a commercial supplier to an acute health care setting.

The paper used action diary, documentation and triangulation to obtain an understanding of the challenges and gaps.

The paper provides health care with further understanding of the complexity, challenges and gaps of using an electronic adverse incident recording system to improve patient safety.

This paper explains the important views of clinicians and managers in relation to improving patient safety by using an electronic adverse incident management system.

Nowadays, to operate securely and legally and to achieve business objectives, secure valuable assets and support uninterrupted business processes, all organizations need to match a lot of internal and external compliance regulations such as laws, standards, guidelines, policies, specifications and procedures. An integrated system able to manage information security (IS) for their intranets in the new cyberspace while processing tremendous amounts of IS-related data coming in various formats is required as never before. These data, after being collected and analyzed, should be evaluated in real-time from an IS incident viewpoint, to identify an incident’s source, consider its type, weigh its consequences, visualize its vector, associate all target systems, prioritize countermeasures and offer mitigation solutions with weighted impact relevance. Different security information and event management (SIEM) systems cope with this routine and usually complicated work by rapid detection of IS incidents and further appropriate response. Modern challenges dictate the need to build these systems using advanced technologies such as the blockchain (BC) technologies (BCTs). The purpose of this study is to design a new BC-based SIEM 3.0 system and propose a methodology for its evaluation.

Modern challenges dictate the need to build these systems using advanced technologies such as the BC technologies. Many internet resources argue that the BCT suits the intrusion detection objectives very well, but they do not mention how to implement it.

After a brief analysis of the BC concept and the evolution of SIEM systems, this paper presents the main ideas on designing the next-generation BC-based SIEM 3.0 systems, for the first time in open access publications, including a convolution method for solving the scalability issue for ever-growing BC size. This new approach makes it possible not to simply modify SIEM systems in an evolutionary manner, but to bring their next generation to a qualitatively new and higher level of IS event management in the future.

The most important area of the future work is to bring this proposed system to life. The implementation, deployment and testing onto a real-world network would also allow people to see its viability or show that a more sophisticated model should be worked out. After developing the design basics, we are ready to determine the directions of the most promising studies. What are the main criteria and principles, according to which the organization will select events from PEL for creating one BC block? What is the optimal number of nodes in the organization’s BC, depending on its network assets, services provided and the number of events that occur in its network? How to build and host the SIEM 3.0 BC infrastructure? How to arrange streaming analytics of block’s content containing events taking place in the network? How to design the BC middleware as software that enables staff to interact with BC blocks to provide services like IS events correlation? How to visualize the results obtained to find insights and patterns in historical BC data for better IS management? How to predict the emergence of IS events in the future? This list of questions can be continued indefinitely for a full-fledged design of SIEM 3.0.

This paper shows the full applicability of the BC concept to the creation of the next-generation SIEM 3.0 systems that are designed to detect IS incidents in a modern, fully interconnected organization’s network environment. The authors’ attempt to begin with a detailed description of the basics for a BC-based SIEM 3.0 system design is presented, as well as the evaluation methodology for the resulting product.

The authors believe that their new revolutionary approach makes it possible not to simply modify SIEM systems in an evolutionary manner, but to bring their next generation to a qualitatively new and higher level of IS event management in the future. They hope that this paper will evoke a lively response in this segment of the security controls market from both theorists and direct developers of living systems that will implement the above approach.

Traditionally, management of disasters, particularly those emanating from environmental hazards, have been reactive with efforts focussed on technical response issues. Drawing from incident command system (ICS) theory, this paper proposes a conceptual model for managing marine oil spills in South Africa.

A qualitative biased sequential mixed-based research method was applied for this study. The technical processes undertaken in instituting a incident management system (IMS) for marine oil spills through Operation Phakisa Oil and Gas initiative were observed from November 2016 to November 2019. Preliminary findings were subsequently explored quantitatively in 54 semi-structured questionnaires conducted with experts in the marine pollution environment.

Findings presented in this paper demonstrate an integrative coordination continuum with a stringent focus on coherent multi-stakeholders' incident management collaborations. Qualitative findings stipulated limitations to the efficient application of oil spill risk minimisation policies, especially in the provincial and local spheres of government. Quantitative findings established that some local municipalities have mainstreamed and have budgets for inter-organisational planning and preparedness. Regardless, several informants continue to perceive disaster risk management and offshore-related activities as “unfunded mandates”, especially where response operation and sustainable rehabilitation programmes are concerned.

In integrating the organisational theory and the incident command tools, the value of this study dwells in recommending a conceptual model that mainstreams inter- and intra-organisational planning, preparedness and response to the marine oil spill risk. The model is valuable because it focusses beyond the traditional emergency response tool but is fundamental in effecting adherence to reporting lines, performance standards and information integration.

In the USA, terrorist threats captured government attention following 11 September 2001. Cities remain the most likely setting for terrorist incidents. Many cities, building on a successful federal program begun in 1997, have developed metropolitan medical response systems (MMRS) to address the consequences of terrorist incidents. The basic system design has been tested both through drills and incidents – including the attacks on the World Trade Center – and appears to function well. This paper describes the philosophy and elements of the MMRS model. The model has considerable value as a readily exportable strategy for responding to municipal terrorist incidents.

The promulgation of disaster management legislation and policy in South Africa necessitates the development of a uniform multi‐agency incident and disaster response system. This paper aims to argue that a uniform response by numerous government agencies in South Africa can only be achieved through the application of an accepted model, which is based on the requirements of the Disaster Management Act 57 of 2002 as well as the National Disaster Risk Management Framework of South Africa.

The model was developed using grounded theory methodology through the use of the internet and focus group interviews with South African as well as international experts. During the process of analysing the data by open and axial coding, key elements emerged which were then clustered into categories from which the core concepts of the model emerged. The emergent core concepts were then dimensionalised, which formed the major constructs of the model thereby ensuring that the model was grounded in the theory. Constant comparisons were drawn with the experiences in the field throughout the process in order to ensure theoretical sensitivity. During the process of axial coding certain intervening conditions emerged which could negatively or positively affect its application. The developed model was therefore subjected to scrutiny by means of a quantitative attitudinal test amongst senior professionals involved in the field of emergency and disaster management, resulting in triangulation.

The findings demonstrate that in order for the proposed model to be implemented effectively it is necessary to refine each level of response in terms of authority, communication and reporting lines.

This model can be used as the foundation for the development of a comprehensive response management system for South Africa and other similar countries, and that the model can further contribute to the development of a basic training module for inclusion in the curricula of response agency personnel.