Best Practices for National Cyber Security: Building a National Computer Security Incident Management Capability

Haller, John S.; Merrell, Samuel A.; Butkovic, Matthew J.; Willke, Bradford J.

doi:10.21236/ada536721

Cited by 8 publications

(5 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We prefer and adopt the more appropriate ISIMC acronym (see, for example, Stikvoort, 2010;and Haller, Merrell, Butkovic & Willke, 2011), which refers to national or sector-based teams where national ISIMCs should ideally be responsible for aiding the establishment of other lower-level capabilities or CSIRTs (see Figure 1). An ISIMC provides services and support to a constituency or client by preventing, detecting and responding to information security incidents.…”

Section: Establishment Of a National Information Security Incident Mamentioning

confidence: 99%

Best Practices for Establishment of a National Information Security Incident Management Capability (ISIMC)

Pretorius

Ngejane

2019

Afr. j. inf. commun. (Online)

View full text Add to dashboard Cite

The South African Government's National Cybersecurity Policy Framework (NCPF) of 2012 provides for the establishment of a national computer security incident response team (CSIRT) in the form of the National Cybersecurity Hubmore correctly referred to as an information security incident management capability (ISIMC). Among other things, the National Cybersecurity Hub is mandated to serve as a high-level national ISIMC that works in collaboration with sector ISIMCs to improve South Africa's critical infrastructure security. In this article, we identify standards, policies, procedures and best practices regarding the establishment of ISIMCs, and we provide recommendations for South Africa's deployment of an ISIMC collaboration network.

show abstract

Section: Establishment Of a National Information Security Incident Mamentioning

confidence: 99%

Best Practices for Establishment of a National Information Security Incident Management Capability (ISIMC)

Pretorius

Ngejane

2019

Afr. j. inf. commun. (Online)

View full text Add to dashboard Cite

show abstract

“…Given the degree of dependence of the modern society on information and communication technologies and the increasing trend of dependency, it is necessary for all states to adopt appropriate regulations and set up specific bodies in order to effectively manage the risks in critical information infrastructures [8].…”

Section: Vulnerabilities Of Critical Information Infrastructuresmentioning

confidence: 99%

Risk Management in Critical Information Infrastructures

Vuletić¹,

Šaranović²,

Vulić³

2019

Proceedings of the 5th IPMA SENET Project Management Conference (SENET 2019)

View full text Add to dashboard Cite

We live in a time of great dependence on increasingly networked information and communication technologies, which besides numerous advantages, also have certain negative aspects. The paper gives a brief description and importance of critical information infrastructures and their vulnerabilities and protection. In the final part of the work are proposed strategies for risk management in the critical information infrastructures (information systems).

show abstract

“…CSIRT creation focuses on establishing CSIRT capabilities [45][46]. Aspects in this area include: (i) the scope of the CSIRT's constituency, which can be institutional, national, regional, and global when considering geographical and organizational borders; Morgus et al [47] provides an example.…”

Section: A Financial Csirtmentioning

confidence: 99%

Cybersecurity incident response capabilities in the Ecuadorian financial sector

Catota

Morgan

Sicker

2018

Journal of Cybersecurity

View full text Add to dashboard Cite

Cyber-threats have been successfully targeting the financial sector worldwide. While much of the efforts and resources to address the risk imposed by these cyber threats are directed at developed economies, far less attention has been devoted to developing nations. Because many of these nations have modest cyber capabilities, their ability to respond to cyber-attacks can be limited, yet they need to respond to these attacks to protect their critical financial infrastructure. This study explores the challenges that the Ecuadorian financial industry confronts when dealing with cybersecurity incidents and examines two potential strategies often applied in the developed world-"Computer Security Incident Response Teams (CSIRT)" and "information sharing"-to improve the sector's cybersecurity capabilities to respond to the associated risk. Thirty-three semistructured interviews with multiple stakeholders (financial security managers and security officers, authorities, and managers at Internet service providers) were conducted using both structured and open-ended questions, and two cyber-attacks scenarios. Based upon a qualitative text analysis, this work reports on experiences with security incidents, barriers to responding to threats, and stakeholders' desired responses. We find that the Ecuadorian financial sector already confronts cybersecurity risks, driven by both outsiders and insiders, which result in fraud and operational failures. The sector faces constraints imposed by computer users' lack of awareness, scarcity of financial and technical resources, and challenges imposed by the ecosystem, such as little community support and weaknesses in the legal framework that has only recently been somewhat strengthened. In the pursuit of improvement, stakeholders' postures suggest that there is an opportunity to establish better incident response strategies for the Ecuadorian financial services through the creation of a CSIRT and an information-sharing program. To decrease uncertainty about threats, stakeholders are more likely to share technical information as opposed to quantitative information about security incidents.

show abstract

Best Practices for National Cyber Security: Building a National Computer Security Incident Management Capability

Cited by 8 publications

References 0 publications

Best Practices for Establishment of a National Information Security Incident Management Capability (ISIMC)

Best Practices for Establishment of a National Information Security Incident Management Capability (ISIMC)

Risk Management in Critical Information Infrastructures

Cybersecurity incident response capabilities in the Ecuadorian financial sector

Contact Info

Product

Resources

About