Handbook for Computer Security Incident Response Teams (CSIRTs)

West-Brown, Molra J.; Stikvoort, Don; Kossakowski, Klaus-Peter; Killcrece, Georgia; Ruefle, Robin

doi:10.21236/ada413778

Cited by 80 publications

(28 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Example post-incident reports included the VA data loss incidents [1,2] from the US, the NHS IT asset disposal incident [35] from UK. They provided a reference that can be used to assist in handling similar incidents [26,36]. Contents included the causes of the incident, the recommendations on remediation, the security requirements violated and improvements on procedures.…”

Section: Lessons Learned Disseminationmentioning

confidence: 99%

Challenges of information security incident learning: An industrial case study in a Chinese healthcare organization

Johnson

2017

Informatics for Health and Social Care

View full text Add to dashboard Cite

Security incidents can have negative impacts on healthcare organisations and the security of medical records has become a primary concern of the public.However, previous studies showed that organisations had not effectively learned lessons from security incidents. Incident learning as an essential activity in the "follow-up" phase of security incident response lifecycle, has long been addressed but not given enough attention. This paper conducted a case study in a healthcare organisation in China to explore their current obstacles in the practice of incident learning. We interviewed both IT professionals and healthcare professional. The results showed that the organisation did not have a structured way to gather and redistribute incident knowledge. Incident response was ineffective in cycling incident knowledge back to inform security management.Incident reporting to multiple stakeholders faced a great challenge. In response to this case study, we suggest the security assurance modelling framework to address those obstacles.

show abstract

Section: Lessons Learned Disseminationmentioning

confidence: 99%

Challenges of information security incident learning: An industrial case study in a Chinese healthcare organization

Johnson

2017

Informatics for Health and Social Care

View full text Add to dashboard Cite

show abstract

“…NIST [15,16] and SANS [17,18] have stressed the importance to share security lessons. They require that the insights from previous security breaches are documented, reviewed, presented and integrated back into the incident response process for future improvement.…”

Section: Sharing Of Security Lessonsmentioning

confidence: 99%

Improving the Exchange of Lessons Learned in Security Incident Reports: Case Studies in the Privacy of Electronic Patient Records

Johnson

Lyu

et al. 2014

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

The increasing use of Electronic Health Records has been mirrored by a similar rise in the number of security incidents where confidential information has inadvertently been disclosed to third parties. These problems have been compounded by an apparent inability to learn from previous violations; similar security incidents have been observed across Europe, North America and Asia. This has resulted in the loss of confidence and trust of the public towards the organisations' ability to protect the patients' private information. The Generic Security Template (G.S.T.) has been proposed to communicate security lessons learned from previous security incidents. This paper conducts a series of empirical studies to evaluate the usability of the G.S.T. The first study compares the G.S.T. with the conventional text-based security incident reports. The two methods were compared in term of the users' ability to identify a number of lessons learned from investigations into previous incidents involving the disclosure of healthcare records. The study showed that the graphical approach resulted in higher accuracy in terms of number of correct answers generated by participants. However, subjective feedback raised further questions about the usability of the G.S.T. as the readers of security incident reports try to interpret the lessons that can increase the security of patient data. The second study further evaluates the usability of the G.S.T. using the Cognitive Dimensions and identifies some aspects that need to be improved.

show abstract

“…Table 2, roles are also organised by means of the isA and isPartOf relations, reflecting particularisation and membership to a complex role, respectively; the second one models cases such as the participation of a role NetworkAdministrator in the Computer Security Incident Response Team (CSIRT) [57], semantically defined as CSIRT.…”

Section: Users and Rolesmentioning

confidence: 99%

A privacy-aware access control model for distributed network monitoring

Papagiannakopoulou

Koukovini

Lioudakis

et al. 2013

Computers & Electrical Engineering

View full text Add to dashboard Cite

Despite the usefulness of network monitoring for the operation, maintenance, control and protection of communication networks, as well as law enforcement, network monitoring activities are surrounded by serious privacy implications. Their inherent leakage-proneness is harshened due to the increasing complexity of the monitoring procedures and infrastructures, that may include multiple traffic observation points, distributed mitigation mechanisms and even inter-operator cooperation. However, current approaches present limitations in effectively addressing such privacy issues, as they have not been designed for meeting the particular requirements of distributed network monitoring and conceptualising the corresponding functionalities and infrastructures; additionally, they are not suitable for highly dynamic and distributed environments and for automating privacy-awareness. In this paper, we introduce a new access control model that aims at addressing these concerns; it is conceived on the basis of data protection legislation, as well as distributed network monitoring. The proposed approach provides rich expressiveness, captures all the underlying concepts along with their associations and enables the specification of contextual authorisation policies and * Corresponding author.Email address: epapag@icbnet.ntua.gr (Eugenia I. Papagiannakopoulou) ⋆ This is a revised and expanded version of a paper that appeared in the proceedings of the 4th MITACS Workshop on Foundations & Practice of Security, Paris, France, May 2011, pp. 208-217 [44]. Computers & Electrical Engineering 2011 June 7, 2012 expressive separation and binding of duty constraints. Finally, two key innovations of our work consist in the ability to define access control rules in any possible level of abstraction and in enabling a verification procedure which results in inherently privacy-aware workflows, thus minimising run-time reasoning overheads and fostering the realisation of the Privacy by Design vision. Preprint submitted to Elsevier

show abstract

Handbook for Computer Security Incident Response Teams (CSIRTs)

Cited by 80 publications

References 0 publications

Challenges of information security incident learning: An industrial case study in a Chinese healthcare organization

Challenges of information security incident learning: An industrial case study in a Chinese healthcare organization

Improving the Exchange of Lessons Learned in Security Incident Reports: Case Studies in the Privacy of Electronic Patient Records

A privacy-aware access control model for distributed network monitoring

Contact Info

Product

Resources

About