Institute Resilience Through Detection, Response, and Recovery

Blum, Dan

doi:10.1007/978-1-4842-5952-8_9

Cited by 7 publications

(3 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Typical IR frameworks are those proposed by NIST (Cichonski et al, 2012), CREST (Creasy, 2013), ISO (British Standards Institution, 2016) and Mitropoulos et al (2006), where each of these contains the following phases: preparation; detection and analysis; containment; eradication and recovery (which can constitute separate phases); and post incident review (or follow up). As such, while there are different IR models, which exhibit some minor differences, the archetypical IR Framework (Figure 1) entails that IR starts with the preparation phase, where the organisation considers the potential types, the impact, and the likelihood of breaches for their assets, and develops the relevant policies for each of these breaches (Blum, 2020). During detection and analysis, the organisation will assess the incident, and whether it constitutes an actual threat.…”

Section: The Incident Response Lifecycle and Current Challengesmentioning

confidence: 99%

Agile incident response (AIR): Improving the incident response process in healthcare

Zamani

Lloyd

et al. 2022

International Journal of Information Management

View full text Add to dashboard Cite

Section: The Incident Response Lifecycle and Current Challengesmentioning

confidence: 99%

Agile incident response (AIR): Improving the incident response process in healthcare

Zamani

Lloyd

et al. 2022

International Journal of Information Management

View full text Add to dashboard Cite

“…Although this model is conceptually correct, the authors did not specify the different tactics or the mandatory steps to accomplish this goal. More specific academic works, such as [41], have used this conceptual model, but also without deepening its tactics. Although this is a valid high-level approach, it does not specify what a SOC has to execute to achieve it.…”

Section: Techniques and Limitationsmentioning

confidence: 99%

SOC Critical Path: A Defensive Kill Chain Model

2022

View full text Add to dashboard Cite

Different kill chain models have been defined and analyzed to provide a common sequence of actions followed in offensive cyber operations. These models allow analysts to identify these operations and to understand how they are executed. However, there is a lack of an equivalent model from a defensive point of view: this is, there is no common sequence of actions for the detection of threats and their accurate response. This lack causes not only problems such as unstructured approaches and conceptual errors but, what is most important, inefficiency in the detection and response to threats, as defensive tactics are not well identified. For this reason, in this work we present a defensive kill chain approach where tactics for teams in charge of cyber defense activities are structured and arranged. We introduce the concept of SOC Critical Path (SCP), a novel kill chain model to detect and neutralize threats. SCP is a technology-independent model that provides an arrangement of mandatory steps, in the form of tactics, to be executed by Computer Network Defense teams to detect hostile cyber operations. By adopting this novel model, these teams increase the performance and the effectiveness of their capabilities through a common framework that formalizes the steps to follow for the detection and neutralization of threats. In this way, our work can be used not only to identify detection and response gaps, but also to implement a continuous improvement cycle over time.

show abstract

“…Although this model is conceptually correct, the authors did not specify the different tactics or the mandatory steps to accomplish this goal. More specific academic works, such as [75], have used this conceptual model, but also without deepening its tactics. Although this is a valid high-level approach, it does not specify what a SOC has to execute to achieve it.…”

Section: Techniques and Limitationsmentioning

confidence: 99%

Modeling of Advanced Threat Actors: Characterization, Categorization and Detection

Huerta¹

View full text Add to dashboard Cite

show abstract

Institute Resilience Through Detection, Response, and Recovery

Cited by 7 publications

References 0 publications

Agile incident response (AIR): Improving the incident response process in healthcare

Agile incident response (AIR): Improving the incident response process in healthcare

SOC Critical Path: A Defensive Kill Chain Model

Modeling of Advanced Threat Actors: Characterization, Categorization and Detection

Contact Info

Product

Resources

About