Requirements for Playbook-Assisted Cyber Incident Response, Reporting and Automation

Akbari Gurabi, Mehdi; Nitz, Lasse; Bregar, Andrej; Popanda, Jan; Siemers, Christian; Matzutt, Roman; Mandal, Avikarsha

doi:10.1145/3688810

Digital Threats

2024

DOI: 10.1145/3688810

|View full text |Cite

Requirements for Playbook-Assisted Cyber Incident Response, Reporting and Automation

Mehdi Akbari Gurabi,

Lasse Nitz,

Andrej Bregar

et al.

Abstract: Cybersecurity playbooks assume an increasingly important role as threat-specific documents for guiding operators in the context of cyber incident response. However, these playbooks are mostly unstructured or semi-structured, which significantly limits their utility when it comes to automating response and reporting steps, complying with cybersecurity directives, or sharing best practices for incident response across organisations. We thus argue that cybersecurity playbooks must transition to interoperable and … Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2024

Publication Types

Select...

Article1

Relationship

Self Cite0

Independent1

Authors

Journals

Cited by 1 publication

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

On Collaboration and Automation in the Context of Threat Detection and Response with Privacy-Preserving Features

Nitz,

Gurabi,

Cermak

et al. 2024

Digital Threats

View full text Add to dashboard Cite

Organizations and their security operation centers often struggle to detect and respond effectively to an extensive quantity of ever-evolving cyberattacks. While collaboration, such as threat intelligence sharing between security teams, and response automation are often discussed in the cybersecurity community, issues like data sensitivity and confidence in detection may hinder their adoption. This work investigates the potentials and challenges of collaboration and automation to enhance incident response processes. We propose a reference architecture for data sharing in threat detection and response, aiming to boost collaborative and automated efforts across organizations while also considering privacy-preserving features. To address these challenges and potentials, we discuss how such a framework could enhance current response processes within and between organizations, validated with results in local attack detection, incident response, and data sharing.

show abstract

On Collaboration and Automation in the Context of Threat Detection and Response with Privacy-Preserving Features

Nitz,

Gurabi,

Cermak

et al. 2024

Digital Threats

View full text Add to dashboard Cite

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Requirements for Playbook-Assisted Cyber Incident Response, Reporting and Automation

Cited by 1 publication

References 19 publications

On Collaboration and Automation in the Context of Threat Detection and Response with Privacy-Preserving Features

On Collaboration and Automation in the Context of Threat Detection and Response with Privacy-Preserving Features

Contact Info

Product

Resources

About