Computational Documentation of IT Incidents as Support for Forensic Operations

Kurowski, Sebastian; Frings, Sandra

doi:10.1109/imf.2011.18

Cited by 7 publications

(5 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Additionally, the above-mentioned Forensic Logging can be used only for the analysis of one case while the method of creating the context between several cases over time is not offered. So, case management system will be useful for the holistic documentation and management of the cases [125]. And this paper did not specifically deal with concurrent process.…”

Section: Discussionmentioning

confidence: 99%

K-FFRaaS: A Generic Model for Financial Forensic Readiness as a Service in Korea

Lee

Kim

2021

IEEE Access

View full text Add to dashboard Cite

While Korean financial companies are currently providing electronic financial services by establishing the high-level information technology and security system in accordance with the Electronic Financial Supervision Regulations (EFSR), they are rarely equipped with digital forensic readiness (DFR) to maximize the capability to collect critical digital evidence (DE). So, there is a limit to identifying the root cause of financial incidents and securing admissible DE. In this paper, there, the authors present Financial Forensic Readiness as a Service in Korea (K-FFRaaS), as DFR of financial companies to secure the admissible DE. Based on ISO/IEC 27043:2015 international standard, K-FFRaaS consists of 3 processes groups, namely: Planning processes group, Implementation processes group, and Assessment processes group. Planning processes group is the processes group to prepare the organization to be forensically ready before potential incidents happen. Implementation processes group is the stage to carry out the processes defined in the planning group. Assessment processes group consists of activities that evaluate whether the result of the implementation process group is consistent with the objective of K-FFRaaS. The contribution of this research is to present that the financial company can adopt the systematic management procedure for mitigating the causes of incidents, store admissible DE, and present scientific evidence to a court of law through K-FFRaaS.

show abstract

Section: Discussionmentioning

confidence: 99%

K-FFRaaS: A Generic Model for Financial Forensic Readiness as a Service in Korea

Lee

Kim

2021

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Future work will present an incorporation of this framework into Knime [38]. For this purpose, it will incorporate the model, among with the approach from [39], enabling a simulation study with a virtual IT infrastructure. The efforts will then result in a framework enabling the automatic detection of incidents in a virtual IT infrastructure and drawing conclusions regarding the reliability of the infrastructure components, and thus the infrastructure.…”

Section: Discussionmentioning

confidence: 99%

On Bayesian Trust and Risk Forecasting for Compound Systems

Raß

Kurowski

2013

2013 Seventh International Conference on IT Security Incident Management and IT Forensics

Self Cite

View full text Add to dashboard Cite

We present a probabilistic (frequentistic) model of trust with efficient Bayesian updating procedures and support of hierarchically structured systems. Trust is highly influenced on information gathered from different sources, like newspaper or scientific reports on the security or vulnerability of computer systems. Assuming text-mining and incident documentation facilities available that provide us with news relevant to a given system, we show how to compile this experience into a stochastic model of trust. In particular, our models admits efficient analysis towards forecasting of possible future issues and the determination of worst-case scenarios for a given security system. We empirically evaluate the sensitivity of the our trust measure based on simulations using a prototype implementation, which closely matches the natural way in which trust is established: it takes a considerably larger lot of positive incidents to outweigh a negative experience. Our model indeed confirms such imbalance. Moreover, as more and more information is going into the trust model, a change of trust in either direction requires an amount of positive or negative experience that almost equals the so-far recorded history. We believe that these effects make the trust model a reasonable choice to resemble the human valuation of trust, while being funded on statistical grounds to be compatible with quantitative or qualitative enterprise risk management. Index Termstrust modelling, IT incident management, security management, knowledge management, risk management, risk forecasting, bayesian learning, system security, information security I. INTRODUCTION Trust is a notoriously vague term, which is roughly understood as the expectation that the performance of a system adheres to its specification, meaning no deviations from the prescribed behavior whatsoever. Alternatively, trust can also mean expecting something not to happen at all, particularly if we express the belief in the intractability of some computational problem. This kind of trust is the fundament of most modern cryptographic primitives today, and justified on empirical grounds and experience.Nevertheless, due to the diversity of applications and their inherent differences in nature, trust is hard to formalize in a general setting, and up to now no commonly accepted definition appeared anywhere. In this work, we propose a very simplistic (as frequentistic) understanding of trust that compiles the experience made with a system into a numerical value reflecting the degree of trust. Updating this model shall be simple in the sense that new experience should directly find its way into the value so as to reach a more and more mature and reliable trust measure.Measuring and forecasting enterprise security risk is often a matter of confidence in the existing security systems, and especially when it comes to liability issues, as for example insurances strongly rely on hypothesis regarding the quality of protection of the insurance's object. It is experience that can either strengthen or...

show abstract

“…Low-impact incidents tend to remain unregistered, although organizations have systems in place for incident tracking (Cusick andMa, 2010, Kurowski andFrings, 2011). Cusick and Ma (2010) stressed the challenge of engineers just including a minimum amount of data in such registrations.…”

Section: Quality Of Incident Registrationsmentioning

confidence: 99%

Examining the suitability of industrial safety management approaches for information security incident management

Line

Albrechtsen

2016

Information &Amp; Computer Security

View full text Add to dashboard Cite

Purpose This paper discusses whether recent theoretical and practical approaches within industrial safety management might be applicable to, and solve challenges experienced in, the field of information security, specifically related to incident management.Design/methodology/approach Literature review. FindingsPrinciples, research, and experiences on the issues of plans, training, and learning in the context of industrial safety management would be suitable for adoption into the field of information security incident management and aid in addressing current challenges. Research limitations/implications (if applicable)There are a number of reasons why approaches from industrial safety management have something to offer to information security incident management: the former field is more mature and has longer traditions, there is more organizational research on industrial safety issues than on information security issues so far, individual awareness is higher for industrial safety risks, and worker participation in systematic industrial safety work is ensured by law. More organizational research on information security issues and continuous strengthening of individual security awareness would push information security to further maturity levels where current challenges are solved. Practical implications (if applicable)This paper shows that the field of information security incident management would gain from closer collaborations with industrial safety management, both in research and in practical loss prevention in organizations. The ideas discussed in this paper form a basis for further research on practical implementations and case studies. Originality/valueThe main audience of this paper includes information security researchers and practitioners, as they will find inspirational theories and experiences to bring into their daily work and future projects.

show abstract

Computational Documentation of IT Incidents as Support for Forensic Operations

Cited by 7 publications

References 1 publication

K-FFRaaS: A Generic Model for Financial Forensic Readiness as a Service in Korea

K-FFRaaS: A Generic Model for Financial Forensic Readiness as a Service in Korea

On Bayesian Trust and Risk Forecasting for Compound Systems

Examining the suitability of industrial safety management approaches for information security incident management

Contact Info

Product

Resources

About