2006
DOI: 10.1016/j.cose.2005.09.006

On Incident Handling and Response: A state-of-the-art approach

Cited by 63 publications (60 citation statements)
References 6 publications
“…Meetings are held and notes are gathered to document responses, disagreements, suggestions and additions to security policies and incident procedures [18]. Issues to document include the effects of the damage, actions taken during the incident, policies and procedures that require a change and evidence that can be used for pursuing the responsible person(s) [21]. It is expected that healthcare organisations will act on these lessons, for instance by changes in procedures or training processes and incident response policies.…”
Section: Introduction (mentioning)
confidence: 99%
“…Apart from monitoring and alerting, a primary function of the EAM, as with a SEM, is to log events (Mitropoulos 2006). To this end, the event handler not only passes events to the EAE, but it stores all events directly in a database in encrypted form.…”
Section: Figure 2 - Figure Illustrating Components Of the Event Analys (mentioning)
confidence: 99%
“…There were well-structured models provided by SANS, NIST and ISO 27035 models consisting of several distinct phases to isolate an incident and appropriately respond to it, including preparation, identification, containment, eradication, recovery and follow-up [30]. A "follow-up" phase is an essential stage of the SIRH.…”
Section: Lessons Learned and Security Incident Response And Handling (mentioning)
confidence: 99%