2010
DOI: 10.1108/09685221011035241
Preparation, detection, and analysis: the diagnostic work of IT security incident response

Abstract: Purpose - The purpose of this paper is to examine security incident response practices of information technology (IT) security practitioners as a diagnostic work process, including the preparation phase, detection, and analysis of anomalies. Design/methodology/approach - The data set consisted of 16 semi-structured interviews with IT security practitioners from seven organizational types (e.g. academic, government, and private). The interviews were analyzed using qualitative description with constant comparison …

Cited by 77 publications (58 citation statements); references 25 publications.

Citation statements:
“…It is also worth noting that in one retrospective, one of the SIHs indicated that the reason why they could not investigate the contents of the Windows Registry was due to limited tool access. This supports previous findings that individuals within security incident response often need specialized tools and/or have to develop their own tools to perform specific exploratory tasks (Werlinger et al., 2010).…”
Section: Question Number (supporting, confidence: 79%)
“…Grimes (2007) argued that traditional security incident response models have become outdated and are no longer suited to manage today's security incidents. Werlinger et al. (2010) add that current security incident response tools do not appropriately support the highly collaborative nature of security investigations and that incident handlers often need to develop their own tools to perform specific tasks. Tan et al. (2003) explored the factors that influenced information security managers to avoid conducting investigations subsequent to a security incident.…”
Section: Related Work (mentioning, confidence: 99%)
“…This is disturbing since incident management is collaborative in nature. This is exemplified by Werlinger et al [8], who found that:…”
Section: Collaboration and Communication in Incident Management (mentioning, confidence: 83%)
“…Werlinger et al [8] studied the practices related to diagnostic works during incident response in a variety of organizations. Ahmad et al [9] studied incident management in a large financial institution, and Jaatun et al [7] studied incident response in the petroleum industry.…”
Section: Collaboration and Communication in Incident Management (mentioning, confidence: 99%)
“…The response team evaluates attack data against policies, determines the type and nature of the attack, and formulates a response within the acceptable reaction time [29]. Effective responses to DOS and DDOS are early detection and coordinated cooperation between network domains to exchange information without impacting the network support payload [30].…”
Section: Incident Response Team (mentioning, confidence: 99%)