A Post-Mortem Incident Modeling Method

Cited by: 1
Authors
Ardi, Shanai [1 ]
Shahmehri, Nahid [1 ]
Affiliations
[1] Linkopings Univ, Dept Comp & Informat Sci, SE-58183 Linkoping, Sweden
Source
2009 INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY, AND SECURITY (ARES), VOLS 1 AND 2 | 2009
Keywords
Incident response; post-mortem analysis; incident modeling; incident cause graph;
DOI
10.1109/ARES.2009.108
Chinese Library Classification
TP301 [Theory, Methods];
Subject Classification Code
081202 ;
Abstract
Incident post-mortem analysis after recovery from incidents is recommended by most incident response experts. An analysis of why and how an incident happened is crucial for determining appropriate countermeasures to prevent the recurrence of the incident. Currently, there is a lack of structured methods for such an analysis, which would identify the causes of a security incident. In this paper, we present a structured method to perform the post-mortem analysis and to model the causes of an incident visually in a graph structure. This method is an extension of our earlier work on modeling software vulnerabilities. The goal of modeling incidents is to develop an understanding of what could have caused the security incident and how its recurrence can be prevented in the future. The method presented in this paper is intended to be used during the post-mortem analysis of incidents by incident response teams.
Pages: 1018 / 1023
Page count: 6