A Model for Afghanistan’s Cyber Security Incident Response Team

Jalal, Islahuddin; Yusof, Maryati Mohd.; Shukur, Zarina; Mokhtar, Mohd Rosmadi

doi:10.18517/ijaseit.8.6.6692

Cited by 2 publications

(3 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The phases are preparation, discovery, containment, investigation, remediation, prevention, and lessons learned (Adamov & Carlsson, 2016). The incident lifecycle presented identification and declaration, analysis, response, and lessons learned phases (Jalal et al, 2018). Al-Dhaqm et al (2020) suggested the incident phases include pre-incident response, incident response, and post-incident response.…”

Section: Cyber Incident Responsementioning

confidence: 99%

“…There were several similarities and differences between the academic literature and the perspectives of ecommerce industry fraud experts. The literature review identified an incident response model that included preparation, discovery, containment, analysis, response, and improvement phases (Adamov & Carlsson, 2016;Al-Dhaqm et al, 2020;Jalal et al, 2018;Lamis, 2010;Pilitsky et al, 2021;Pinto & Talley, 2006;Rollason-Reese, 2003;Ruefle et al, 2014;Sadik et al, 2020,). The five cyber incident phases of the empirical model were similar the literature model's preparation, discovery, analysis, response, and improvement phases.…”

Section: Processesmentioning

confidence: 99%

See 1 more Smart Citation

Ecommerce Fraud Incident Response: A Grounded Theory Study

Dwight

2023

IJIKM

View full text Add to dashboard Cite

Aim/Purpose: This research study aimed to explore ecommerce fraud practitioners’ experiences and develop a grounded theory framework to help define an ecommerce fraud incident response process, roles and responsibilities, systems, stakeholders, and types of incidents. Background: With a surge in global ecommerce, online transactions have become increasingly fraudulent, complex, and borderless. There are undefined ecommerce fraud roles, responsibilities, processes, and systems that limit and hinder cyber incident response to fraudulent activities. Methodology: A constructivist grounded theory approach was used to investigate and develop a theoretical foundation of ecommerce fraud incident response based on fraud practitioners’ experiences and job descriptions. The study sample consisted of 8 interviews with ecommerce fraud experts. Contribution: This research contributes to the body of knowledge by helping define a novel framework that outlines an ecommerce fraud incident response process, roles and responsibilities, systems, stakeholders, and incident types. Findings: An ecommerce fraud incident response framework was developed from fraud experts’ perspectives. The framework helps define processes, roles, responsibilities, systems, incidents, and stakeholders. The first finding defined the ecommerce fraud incident response process. The process includes planning, identification, analysis, response, and improvement. The second finding was that the fraud incident response model did not include the containment phase. The next finding was that common roles and responsibilities included fraud prevention analysis, tool development, reporting, leadership, and collaboration. The fourth finding described practitioners utilizing hybrid tools and systems for fraud prevention and detection. The fifth finding was the identification of internal and external stakeholders for communication, collaboration, and information sharing. The sixth finding is that research participants experienced different organizational alignments. The seventh key finding was stakeholders do not have a holistic view of the data and information to make some connections about fraudulent behavior. The last finding was participants experienced complex fraud incidents. Recommendations for Practitioners: It is recommended to adopt the ecommerce fraud response framework to help ecommerce fraud and security professionals develop an awareness of cyber fraud activities and/or help mitigate cyber fraud activities. Future Research: Future research could entail conducting a quantitative analysis by surveying the industry on the different components such as processes, systems, and responsibilities of the ecommerce fraud incident response framework. Other areas to explore and evaluate are maturity models and organizational alignment, collaboration, information sharing, and stakeholders. Lastly, further research can be pursued on the nuances of ecommerce fraud incidents using frameworks such as attack graph generation, crime scripts, and attack trees to develop ecommerce fraud response playbooks, plans, and metrics.

show abstract

Section: Cyber Incident Responsementioning

confidence: 99%

Section: Processesmentioning

confidence: 99%

Ecommerce Fraud Incident Response: A Grounded Theory Study

Dwight

2023

IJIKM

View full text Add to dashboard Cite

show abstract

“…However, less-developed countries have fewer funding alternatives when compared to developed ones (Skierka and Hohmann, 2015). For these countries, some alternative options include government sponsorship, fee-based services, in-kind supports, or a combination of these could be funding alternatives for national CSIRTs (Jalal et al, 2018). Likewise, in lowincome countries, the availability of qualified staff or solid technology pipeline, training options, external support, and cultural differences create greater challenges due to limited critical infrastructure, lower living standards, underdeveloped industrial base, and low HDI.…”

Section: The Need For National Csirts In Low-income Countriesmentioning

confidence: 99%

Mitigating Global Cyber Risk Through Bridging the National Incident Response Capacity Gap

Dubois

Tatar

2022

iccws

View full text Add to dashboard Cite

Cyber-attacks know no borders. Given the globally connected environment, no region or country is secure against cyber-attacks unless the entire world is secure or has cyber capabilities. Yet, whether preventive or reactive, cyber countermeasures require coordination and engagement of various organizations, government bodies, and citizens of different countries. Although a variety of countermeasures exist, Computer Security Incident Response Teams (CSIRTs) have been deemed necessary systems in defending against and preventing cyberattacks, further supporting a nation’s cyber capacity and limiting the harm to citizens, businesses, and governments. Despite calls for establishing CSIRTs at the national level, especially toward protecting critical infrastructure and lives from cyber threats, various discrepancies exist based on a nation’s resources, capabilities, and needs. Limited research delves into the cyber capabilities of low-income countries despite an emphasis on improving global cyber capacity, leading to a need to establish a framework for low-income countries to address the unique needs with lessons learned from existing standards. CSIRTs can improve the cybersecurity posture of countries, so we seek to investigate how low-income countries can better mitigate cyber threats through cyber capacity building, including the creation of CSIRTs. This work-in-progress paper aims to investigate cyber incident response capacity building at the national level in low-income countries and identify challenges they may face in contributing to a more secure global cyberspace. Stemming from this paper, we will conduct a survey of national CSIRTs in low-income countries and conduct semi-structured interviews to further investigate their role. The implications of our research are far-spreading, assisting academics, practitioners, and governments in developing research, processes, and policies to aid low-income countries in their national cyber capacity building.

show abstract

A Model for Afghanistan’s Cyber Security Incident Response Team

Cited by 2 publications

References 6 publications

Ecommerce Fraud Incident Response: A Grounded Theory Study

Ecommerce Fraud Incident Response: A Grounded Theory Study

Mitigating Global Cyber Risk Through Bridging the National Incident Response Capacity Gap

Contact Info

Product

Resources

About