Capabilities and Skill Configurations of Information Security Incident Responders

McLaughlin, Mark-David; D’Arcy, John; Cram, W. Alec; Gogan, Janis L.

doi:10.24251/hicss.2017.598

Cited by 3 publications

(2 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The use of free text makes is difficult to ensure that all stakeholders share the same understanding of the argument [30]. Clear written communication and the capability to process knowledge in an organised manner are essential skills in incident response teams [46]. The cyber security communities have realised the importance and believe that interactive visualisation systems can help improve security decision making in incident response [47,48].…”

Section: Lessons Learned Sharing Using Diagramsmentioning

confidence: 99%

Security Assurance Modelling of Security Incident in Healthcare using the Generic Security Template (GST)

Luo

2020

Preprint

View full text Add to dashboard Cite

Background: The recent industry reports show that the number of security incidents in healthcare sector is still increasing, especially the high severity incident, such as data leakage incident and ransomware, which can lead to significant impact on healthcare services. It is imperative for the organizations to learn lessons from those incidents. Traditional ways to disseminate lessons learned are based on text approach, the linear format of which can obscure relationships among concepts and discourage readers from integrating information across ideas. Graphical diagrams can serve this purpose, as it can communicate both individual elements of information and relationships between them. Methods: The Generic Security Template (GST) has been proposed to support the exchange of lessons learned from security incidents. It utilises graphical notations to communicate both individual elements of information and relationships between them. This paper conducts a case study by adopting the GST to capture and structure the incident information of a data leakage incident in a UK healthcare organization in order to facilitate incident exchange. Results: The results show that, the GST was able to visualise and depict the key elements, including lessons learned, the associated security requirements and organizational contextual information identified from the selected data leakage incident case study from NHS. GST provides a unified way to communicate incident information. Conclusions: This research has significance for the healthcare organizations to improve their incident learning practices. It fosters an environment where different stakeholders can speak the same language while exchanging the lessons learned from the security incidents. Future work will consider apply the GST to analyse other complex security incidents such as the advanced persistent threats (APTs) in healthcare organizations and extend the use of the GST in other industries. Keywords: Security Assurance Modelling, Generic Security Template (GST), Security Incident, Healthcare Organization.

show abstract

Section: Lessons Learned Sharing Using Diagramsmentioning

confidence: 99%

Security Assurance Modelling of Security Incident in Healthcare using the Generic Security Template (GST)

Luo

2020

Preprint

View full text Add to dashboard Cite

show abstract

“…This area involves: (i) organizational models for operations, such as centralized, distributed, and coordinating CSIRTs [24], (ii) operational functions related to managing incidents, which include handling, announcement, feedback, interactions, and information handling [43], (iii) requirements and resources such as human capacity [50][51], skills [52], infrastructure [53], and tools, and (iv) legal issues (e.g. cooperation with police investigations) and media relations.…”

Section: A Financial Csirtmentioning

confidence: 99%

Cybersecurity incident response capabilities in the Ecuadorian financial sector

Catota

Morgan

Sicker

2018

Journal of Cybersecurity

View full text Add to dashboard Cite

Cyber-threats have been successfully targeting the financial sector worldwide. While much of the efforts and resources to address the risk imposed by these cyber threats are directed at developed economies, far less attention has been devoted to developing nations. Because many of these nations have modest cyber capabilities, their ability to respond to cyber-attacks can be limited, yet they need to respond to these attacks to protect their critical financial infrastructure. This study explores the challenges that the Ecuadorian financial industry confronts when dealing with cybersecurity incidents and examines two potential strategies often applied in the developed world-"Computer Security Incident Response Teams (CSIRT)" and "information sharing"-to improve the sector's cybersecurity capabilities to respond to the associated risk. Thirty-three semistructured interviews with multiple stakeholders (financial security managers and security officers, authorities, and managers at Internet service providers) were conducted using both structured and open-ended questions, and two cyber-attacks scenarios. Based upon a qualitative text analysis, this work reports on experiences with security incidents, barriers to responding to threats, and stakeholders' desired responses. We find that the Ecuadorian financial sector already confronts cybersecurity risks, driven by both outsiders and insiders, which result in fraud and operational failures. The sector faces constraints imposed by computer users' lack of awareness, scarcity of financial and technical resources, and challenges imposed by the ecosystem, such as little community support and weaknesses in the legal framework that has only recently been somewhat strengthened. In the pursuit of improvement, stakeholders' postures suggest that there is an opportunity to establish better incident response strategies for the Ecuadorian financial services through the creation of a CSIRT and an information-sharing program. To decrease uncertainty about threats, stakeholders are more likely to share technical information as opposed to quantitative information about security incidents.

show abstract

Consciousness of cyber defense: A collective activity system for developing organizational cyber awareness

Gross

2021

Computers & Security

View full text Add to dashboard Cite

Capabilities and Skill Configurations of Information Security Incident Responders

Abstract: Abstract

Cited by 3 publications

References 37 publications

Security Assurance Modelling of Security Incident in Healthcare using the Generic Security Template (GST)

Security Assurance Modelling of Security Incident in Healthcare using the Generic Security Template (GST)

Cybersecurity incident response capabilities in the Ecuadorian financial sector

Consciousness of cyber defense: A collective activity system for developing organizational cyber awareness

Contact Info

Product

Resources

About