A Security Coordination Model for an Inter-Organizational Information Incidents Response Supporting Forensic Process

Jeong, Kimoon; Park, Jun Hyung; Kim, Min‐Soo; Noh, Bong-Nam

doi:10.1109/ncm.2008.126

Cited by 4 publications

(11 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Decision Service Unit: Most of the reviewed security orchestration systems have decision services unit that orchestrates the activities for automated decision-making [78,81,84,95]. The decision service unit makes security policy decision(s) related to vulnerability and threat assessment and assessment of security enforcement system [60].…”

Section: Orchestration Unitmentioning

confidence: 99%

“…Most of the incident response teams follow no collaborative process while planning how to respond to a particular incident which results in poor strategies plan [45]. Several papers [30,59,78] reveal that stakeholders from different organizations are unwilling to share threat intelligence with each other. Jeong et al [78] have reported organizations' fear of losing reputation is one of the reasons for their unwillingness to share their security circumstances with other organizations.…”

Section: Lack Of Coordination and Collaboration Among Stakeholders Anmentioning

confidence: 99%

See 1 more Smart Citation

A Multi-Vocal Review of Security Orchestration

2019

View full text Add to dashboard Cite

Organizations use diverse types of security solutions to prevent cyber-attacks. Multiple vendors provide security solutions developed using heterogeneous technologies and paradigms. Hence, it is a challenging rather impossible to easily make security solutions to work an integrated fashion. Security orchestration aims at smoothly integrating multivendor security tools that can effectively and efficiently interoperate to support security staff of a Security Operation Centre (SOC). Given the increasing role and importance of security orchestration, there has been an increasing amount of literature on different aspects of security orchestration solutions. However, there has been no effort to systematically review and analyze the reported solutions. We report a Multivocal Literature Review that has systematically selected and reviewed both academic and grey (blogs, web pages, white papers) literature on different aspects of security orchestration published from January 2007 until July 2017. The review has enabled us to provide a working definition of security orchestration and classify the main functionalities of security orchestration into three main areas -unification, orchestration, and automation. We have also identified the core components of a security orchestration platform and categorized the drivers of security orchestration based on technical and socio-technical aspects. We also provide a taxonomy of security orchestration based on the execution environment, automation strategy, deployment type, mode of task and resource type. This review has helped us to reveal several areas of further research and development in security orchestration. CCS ConceptsGeneral and reference → Survey and overviews; Security and privacy; Software engineering Additional Key Words and PhraseSecurity orchestration, security automation, multivocal literature review, intelligent security assistant.

show abstract

Section: Orchestration Unitmentioning

confidence: 99%

Section: Lack Of Coordination and Collaboration Among Stakeholders Anmentioning

confidence: 99%

A Multi-Vocal Review of Security Orchestration

2019

View full text Add to dashboard Cite

show abstract

“…They hope that experts can help them defend from cyber threats without damaging their reputation. To meet these needs of organizations, a co-ordination model that supports response to security incidents in organizational architecture is proposed [13]. Additionally, the model also supports the function of presenting and submitting digital evidence to competent authorities during real-time monitoring and incident investigation.…”

Section: Review Of Related Workmentioning

confidence: 99%

A Model for Optimal Planning of Information Security Incident Response Operations

İmamverdiyev¹

2018

JPIT

View full text Add to dashboard Cite

A quick and adequate response to handling of information security incidents is critical for ensuring business continuity. To handle such incidents, special CERT commands are required, but the cost of maintaining them is a burden for most organizations, and they prefer to use the services of special CERT service providers. This study proposes a model for the optimal distribution of information security incident response operations between CERT groups; the model is formulated as an optimization problem, and differential evolution algorithm is developed to solve it.

show abstract

“…Individual organisations are rarely able to maintain enough knowledge and expertise to respond to all emergent computer incidents, hence the need for collaboration with other external organisation and law enforcements. However, to remove potential threats like data privacy breaches, that are potential deterrents to this approach, the model brings to light the concept of Participant Organisation (PO) and Coordinator Organisation (CO) [11]. PO refers to individual organisation affected and that need to share information to ensure timely and successful neutralisation of an incident.…”

Section: Security Coordination Modelmentioning

confidence: 99%

“…The model also incorporates a forensic process that extracts real-time and onsite digital evidence from monitoring systems; furnishing external organisations with the results of an analysis of such evidences, to prevent future reoccurrence [11]. Foundation blocks for this security coordination model include; real-time detection and result reporting of cyber-attacks on the part of POs, provision of online/onsite response support, propagating security events based on digital evidence collected from real-time monitoring and onsite examination of security incidents in the POs, and sharing security incident events with external organisations [11]. Greater emphasis is on communication amongst external organisations, coordination organisation and participant organisations.…”

Section: Security Coordination Modelmentioning

confidence: 99%

A Comparative Assessment of Computer Security Incidence Handling

Ani

Agbanusi²

2014

BJMCS

View full text Add to dashboard Cite

Incidence response and handling has become quite a crucial, indispensible constituent of information technology security management, as it provides an organised way of handling the aftermaths of a security breach. It presents an organisation's reaction to illegitimate and unacceptable exploits on its assets or infrastructure. The goal must be to successfully neutralise the incident, such that damages are significantly reduced with attendant reduction in recovery time and costs. To achieve this, several approaches and methodologies proposed have been reviewed with a view to identifying essential processes. What is needed is referred to as incident capability mingled with collaborations. This defines a shift from response to management of computer security incidents in anointer relationship manner that foster collaboration through the exchange and sharing of incidence management details among several distinct organizations. Key step-up aspects centre on issues of enforcing and assuring trust and privacy. A viable collaborative incident response approach must be able to proffer both proactive and reactive mechanisms that are management-oriented and incorporating all required techniques and procedures.

show abstract

A Security Coordination Model for an Inter-Organizational Information Incidents Response Supporting Forensic Process

Cited by 4 publications

References 4 publications

A Multi-Vocal Review of Security Orchestration

A Multi-Vocal Review of Security Orchestration

A Model for Optimal Planning of Information Security Incident Response Operations

A Comparative Assessment of Computer Security Incidence Handling

Contact Info

Product

Resources

About