A Readiness Model for Measuring the Maturity of Cyber Security Incident Management

  • Conference paper

Part of the book series: Lecture Notes on Data Engineering and Communications Technologies (LNDECT, volume 23)

Abstract

Hardly a week goes by without headlines about new cyber-attacks. As the sophistication of cyber-attacks constantly increases, organizations have to expect to be affected by attacks. To react to an incident effectively and efficiently, professional and well-organized incident management has to be in place. The major goal of this paper is to support organizations in developing and improving their cyber-security incident management. To that end, this work introduces a readiness model covering nearly 80 topics and 500 requirements in the domain of incident management.

Acknowledgements

The financial support by the Austrian Federal Ministry for Digital and Economic Affairs and the National Foundation for Research, Technology and Development is gratefully acknowledged.

Author information

Corresponding author

Correspondence to David Rieger.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Rieger, D., Tjoa, S. (2019). A Readiness Model for Measuring the Maturity of Cyber Security Incident Management. In: Xhafa, F., Barolli, L., Greguš, M. (eds) Advances in Intelligent Networking and Collaborative Systems. INCoS 2018. Lecture Notes on Data Engineering and Communications Technologies, vol 23. Springer, Cham. https://doi.org/10.1007/978-3-319-98557-2_26
