Article
Publication date: 28 June 2021

Oluwafemi Oriola, Adesesan Barnabas Adeyemo, Maria Papadaki and Eduan Kotzé

Abstract

Purpose

Collaborative-based national cybersecurity incident management benefits from the huge size of incident information, large-scale information security devices and aggregation of security skills. However, no existing collaborative approach has been able to cater for multiple regulators, divergent incident views and incident reputation trust issues that national cybersecurity incident management presents. This paper aims to propose a collaborative approach to handle these issues cost-effectively.

Design/methodology/approach

A collaborative-based national cybersecurity incident management architecture based on ITU-T X.1056 security incident management framework is proposed. It is composed of the cooperative regulatory unit with cooperative and third-party management strategies and an execution unit, with incident handling and response strategies. Novel collaborative incident prioritization and mitigation planning models that are fit for incident handling in national cybersecurity incident management are proposed.

Findings

A use case depicting how the collaborative-based national cybersecurity incident management would function within a typical information and communication technology ecosystem is illustrated. The proposed collaborative approach is evaluated based on the performance of an experimental cyber-incident management system against two multistage attack scenarios. The results show that the proposed approach is more reliable than the existing ones based on descriptive statistics.

Originality/value

The approach produces better incident impact scores and rankings than standard tools. The approach reduces the total response costs by 8.33% and false positive rate by 97.20% for the first attack scenario, while it reduces the total response costs by 26.67% and false positive rate by 78.83% for the second attack scenario.

Article
Publication date: 13 June 2016

Reza Alavi, Shareeful Islam and Haralambos Mouratidis

Abstract

Purpose

The purpose of this paper is to introduce a risk-driven investment process model for analysing human factors that allows information security managers to capture possible risk–investment relationships and to reason about them. The overall success of an information security system depends on analysis of the risks and threats so that appropriate protection mechanisms can be put in place to protect against them. However, a lack of appropriate analysis of risks may potentially result in the failure of information security systems. Existing literature does not provide adequate guidelines for a systematic process or an appropriate modelling language to support such analysis. This work aims to fill this gap by introducing the process and reasoning about the risks considering human factors.

Design/methodology/approach

The aim is to develop a risk-driven investment model along with the activities that support the process. These objectives were achieved through the collection of quantitative and qualitative data utilising requirements engineering and secure tropos methods.

Findings

The proposed process and model lead to the definition of a clear relationship between risks, incidents and investment and allow organisations to calculate them based on their own figures.

Research limitations/implications

One of the major limitations of this model is that it only supports incident-based investment. This creates some difficulties when it is presented to the executive board. Secondly, because of the nature of human factors, quantification does not exactly reflect the monetary value of the factors.

Practical implications

Applying the information security risk-driven investment model in a real case study shows that this can help organisations apply and use it in other incidents and, more importantly, in incidents in which critical human factors are a grave concern for organisations. The importance of providing a financial justification when seeking investment in information security is clearly highlighted.

Social implications

It has a big social impact that technically could lead to cost justifications and decision-making processes. This would impact the whole society by helping individuals to keep their data safe.

Originality/value

The novel contribution of this work is to analyse specific critical human factors which have subjective natures in an objective and dynamic domain of risk, security and investment.

Article
Publication date: 23 March 2010

Rodrigo Werlinger, Kasia Muldner, Kirstie Hawkey and Konstantin Beznosov

Abstract

Purpose

The purpose of this paper is to examine security incident response practices of information technology (IT) security practitioners as a diagnostic work process, including the preparation phase, detection, and analysis of anomalies.

Design/methodology/approach

The data set consisted of 16 semi‐structured interviews with IT security practitioners from seven organizational types (e.g. academic, government, and private). The interviews were analyzed using qualitative description with constant comparison and inductive analysis of the data to analyze diagnostic work during security incident response.

Findings

The analysis shows that security incident response is a highly collaborative activity, which may involve practitioners developing their own tools to perform specific tasks. The results also show that diagnosis during incident response is complicated by practitioners' need to rely on tacit knowledge, as well as usability issues with security tools.

Research limitations/implications

Owing to the nature of semi‐structured interviews, not all participants discussed security incident response at the same level of detail. More data are required to generalize and refine the findings.

Originality/value

The contribution of the work is twofold. First, using empirical data, the paper analyzes and describes the tasks, skills, strategies, and tools that security practitioners use to diagnose security incidents. The findings enhance the research community's understanding of the diagnostic work during security incident response. Second, the paper identifies opportunities for future research directions related to improving security tools.

Details

Information Management & Computer Security, vol. 18 no. 1
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 3 June 2019

Mark Glenn Evans, Ying He, Iryna Yevseyeva and Helge Janicke

Abstract

Purpose

This paper aims to provide an understanding of the proportions of incidents that relate to human error. The information security field experiences a continuous stream of information security incidents and breaches, which are publicised by the media, public bodies and regulators. Despite the need for information security practices being recognised and in existence for some time, the underlying general information security affecting tasks and causes of these incidents and breaches are not consistently understood, particularly with regard to human error.

Design/methodology/approach

This paper analyses recent published incidents and breaches to establish the proportions of human error and where possible subsequently uses the HEART (human error assessment and reduction technique) human reliability analysis technique, which is established within the safety field.

Findings

This analysis provides an understanding of the proportions of incidents and breaches that relate to human error, as well as the common types of tasks that result in these incidents and breaches through adoption of methods applied within the safety field.

Originality/value

This research provides original contribution to knowledge through the analysis of recent public sector information security incidents and breaches to understand the proportions that relate to human error.

Details

Information & Computer Security, vol. 27 no. 3
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 16 October 2007

Finn Olav Sveen, Jose M. Sarriegi, Eliot Rich and Jose J. Gonzalez

Abstract

Purpose

This research paper aims to examine how incident‐reporting systems function and particularly how the steady growth of high‐priority incidents and the semi‐exponential growth of low‐priority incidents affect reporting effectiveness. Social pressures that can affect low‐ and high‐priority incident‐reporting rates are also examined.

Design/methodology/approach

The authors reviewed the incident‐reporting system literature. As there are few studies of information security reporting systems, they also considered safety‐reporting systems. These have been in use for many years and much is known about them. Safety is used to “fill in the gaps”. The authors then constructed a system dynamics computer simulation model. The model is used to test how an incident‐reporting system reacts under different conditions.

Findings

Incident reporters face incentives and disincentives based on effects on through‐put but have limited knowledge of what is important to the organization's security. Even if a successful incident‐reporting policy is developed, the organization may become the victim of its own success, as a growing volume of reports put higher pressure on incident‐handling resources. Continuously hiring personnel is unsustainable. Continuously improving automated tools for incident response promises more leverage.

Research limitations/implications

The challenges in safety may not be the same as those in information security. However, the model does provide a starting‐point for further enquiries into information security reporting systems.

Originality/value

An examination of basic factors that affect information security reporting systems is provided. Four different policies are presented and examined through simulation scenarios.

Details

Information Management & Computer Security, vol. 15 no. 5
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 10 March 2021

Manfred Vielberth, Ludwig Englbrecht and Günther Pernul

Abstract

Purpose

In the past, people were usually seen as the weakest link in the IT security chain. However, this view has changed in recent years and people are no longer seen only as a problem, but also as part of the solution. In research, this change is reflected in the fact that people are enabled to report security incidents that they have detected. During this reporting process, however, it is important to ensure that the reports are submitted with the highest possible data quality. This paper aims to provide a process-driven quality improvement approach for human-as-a-security-sensor information.

Design/methodology/approach

This work builds upon existing approaches for structured reporting of security incidents. In the first step, relevant data quality dimensions and influencing factors are defined. Based on this, an approach for quality improvement is proposed. To demonstrate the feasibility of the approach, it is prototypically implemented and evaluated using an exemplary use case.

Findings

In this paper, a process-driven approach is proposed, which allows improving the data quality by analyzing the similarity of incidents. It is shown that this approach is feasible and leads to better data quality with real-world data.

Originality/value

The originality of the approach lies in the fact that data quality is already improved during the reporting of an incident. In addition, approaches from other areas, such as recommender systems, are applied innovatively to the area of the human-as-a-security-sensor.

Details

Information & Computer Security, vol. 29 no. 2
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 4 September 2007

Klaus Möller

Abstract

Purpose

Grid computing has often been heralded as the next logical step after the worldwide web. Users of grids can access dynamic resources such as computer storage and use the computing resources of computers under the umbrella of a virtual organisation. Although grid computing is often compared to the worldwide web, it is vastly more complex both in organisational and technical areas. This also extends into the area of security and incident response, where established academic computer security incident response teams (CSIRTs) face new challenges arising from the use of grids. This paper aims to outline some of the organisational and technical challenges encountered by the German academic CSIRT, DFN‐CERT while extending and adapting their services to grid environments during the D‐Grid project.

Design/methodology/approach

Most national research and education networks (NRENs) already have computer security incident response teams to respond to security incidents involving computers connected to the networks. This paper considers how one established NREN CSIRT is dealing with the new challenges arising from grid computing.

Findings

The paper finds that D‐Grid Initiative is an ongoing project and the establishment of CSIRT services for grids is still at an early stage. The establishment of communication channels to the various grid communities as well as gaining of knowledge about grid software has required DFN‐CERT to make changes even though the basic principles of CSIRT operation remain the same.

Originality/value

The D‐Grid project aims to establish a common grid infrastructure that can be used by other scientific domains. The project consists of six community projects and one integration project (DGI – D‐Grid Integration). The DGI project will develop the basic infrastructure, while the community projects will build on this infrastructure and enhance it for the specific needs of their research areas. At the initial stage of the DGI project, the idea of a central CSIRT for all grids in Germany was seen as an advantage over having a CSIRT for each grid project, which would have replicated efforts and thus wasted resources. This paper gives an overview of the organisational and technical challenges and experiences DFN‐CERT has encountered while setting up a CSIRT for the D‐Grid communities.

Details

Campus-Wide Information Systems, vol. 24 no. 4
Type: Research Article
ISSN: 1065-0741

Article
Publication date: 12 June 2007

Sarandis Mitropoulos, Dimitrios Patsos and Christos Douligeris

Abstract

Purpose

Security information management systems (SIMs) have been providing a unified distributed platform for the efficient management of security information produced by corresponding mechanisms within an organization. However, these systems currently lack the capability of producing and enforcing response policies, mainly due to their limited incident response (IR) functionality. This paper explores the nature of SIMs while proposing a set of requirements that could be satisfied by SIMs for the efficient and effective handling of security incidents.

Design/methodology/approach

These requirements are presented in a high‐level architectural concept and include policy visualization, system intelligence to enable automated policy management, as well as, data mining elements for inspection, evaluation and enhancements of IR policies.

Findings

A primitive mechanism that could guarantee the freshness and accuracy of state information that SIMs provide in order to launch solid response alarms and actions for a specific incident or a series of incidents is proposed, along with a role based access control administrative model (ARBAC) based on a corporate model for IR. Basic forensic and trace‐back concepts that should be integrated into SIMs in order to provide the rich picture of the IR puzzle are also examined.

Practical implications

The support of policy compliance and validation tools to SIMs is also addressed.

Originality/value

The aforementioned properties could greatly assist in automating the IR capability within an organization.

Details

Information Management & Computer Security, vol. 15 no. 3
Type: Research Article
ISSN: 0968-5227

Book part
Publication date: 28 September 2023

Ieva Auzina, Tatjana Volkova, Diego Norena-Chavez, Marta Kadłubek and Eleftherios Thalassinos

Abstract

There is a research gap in the explanation of cyber incident response approaches in management to increase cyber maturity for small–medium-size enterprises (SMEs). Therefore, based on the literature analysis, the chapter aims to (1) provide cyber incident response characteristics, (2) show the importance for SMEs, (3) identify cyber incident response feasibility and causal factors, (4) provide scenarios for consideration to create an incident response plan (IRP), and (5) discuss the cyber incident response and managerial approaches in SMEs. The authors used content analysis of scientific and professional articles to develop the theoretical foundation of incident response approaches in management for SMEs. The authors start from the fundamentals: obtaining knowledge and understanding of the latest threats and opportunities, and of how to defend oneself with a limited capacity of resources, might be the starting point for building an extensive incident response capability. Incident response capabilities and maturity levels vary widely between organisations. There is no simple one-size-fits-all process for incident response; each case is unique and requires continuous refinement. Differentiation and adaptation to different types of SMEs are pivotal to developing cyber maturity and defining requirements that fit the market's needs and are therefore more efficient in achieving the goal of increasing cyber security (CS) among business management. SMEs may not have a mature IRP, but at least one readiness indicator could lead to the preparation of a mature IRP. Implementation of secure undertakings and information processes requires using modern information and communication technologies, incident response processes, and other modules that could enhance support for decision-making processes in management. Constructing these solutions requires a systematic approach to the issues involved. The authors highlight that building efficient incident response approaches in management to improve cyber maturity will begin with infrastructure and people factors.

Details

Digital Transformation, Strategic Resilience, Cyber Security and Risk Management
Type: Book
ISBN: 978-1-80455-254-4

Article
Publication date: 2 March 2023

Giddeon Njamngang Angafor, Iryna Yevseyeva and Leandros Maglaras

Abstract

Purpose

This paper aims to discuss the experiences designing and conducting an experiential learning virtual incident response tabletop exercise (VIRTTX) to review a business's security posture as it adapts to remote working because of the Coronavirus 2019 (COVID-19). The pandemic forced businesses to move operations from offices to remote working. Given that this happened quickly for many, some firms had little time to factor in appropriate cyber-hygiene and incident prevention measures, thereby exposing themselves to vulnerabilities such as phishing and other scams.

Design/methodology/approach

The exercise was designed and facilitated through Microsoft Teams. The approach used included a literature review and an experiential learning method that used scenario-based, active pedagogical strategies such as case studies, simulations, role-playing and discussion-focused techniques to develop and evaluate processes and procedures used in preventing, detecting, mitigating, responding and recovering from cyber incidents.

Findings

The exercise highlighted the value of using scenario-based exercises in cyber security training. It elaborated that scenario-based incident response (IR) exercises are beneficial because well-crafted and well-executed exercises raise cyber security awareness among managers and IT professionals. Such activities with integrated operational and decision-making components enable businesses to evaluate IR and disaster recovery (DR) procedures, including communication flows, to improve decision-making at strategic levels and enhance the technical skills of cyber security personnel.

Practical implications

It maintained that the primary implication for practice is that security awareness is enhanced through practical, experiential, hands-on exercises such as this VIRTTX. These exercises bring together staff from across a business to evaluate existing IR/DR processes to determine if they are fit for purpose, establish existing gaps and identify strategies to prevent future threats, including during challenging circumstances such as the COVID-19 outbreak. Furthermore, the use of TTXs or TTEs for scenario-based incident response exercises was extremely useful for cyber security practice because well-crafted and well-executed exercises have been found to serve as valuable and effective tools for raising cyber security awareness among senior leadership, managers and IT professionals (Ulmanová, 2020).

Originality/value

This paper underlines the importance of practical, scenario-based cyber-IR training and reports on the experience of conducting a virtual IR/DR tabletop exercise within a large organisation.
