How can organizations develop situation awareness for incident response: A case study of management practice

Cited by: 63
Authors
Ahmad, Atif [1]
Maynard, Sean B. [1]
Desouza, Kevin C. [2]
Kotsias, James [3]
Whitty, Monica T. [4]
Baskerville, Richard L. [5,6]
Affiliations
[1] Univ Melbourne, Sch Comp & Informat Syst, Parkville, Vic, Australia
[2] Queensland Univ Technol, QUT Business Sch, Brisbane, Qld, Australia
[3] Deakin Univ, Burwood, Australia
[4] UNSW Canberra, UNSW Canberra Cyber, Canberra, ACT, Australia
[5] Georgia State Univ, Robinson Coll Business, Atlanta, GA 30303 USA
[6] Curtin Univ, Sch Management, Perth, WA, Australia
Funding
Australian Research Council;
Keywords
Cybersecurity management; Information security management; Incident response; Cybersecurity; Situation awareness; Case study; Process model; INFORMATION; TEAMS;
DOI
10.1016/j.cose.2020.102122
Chinese Library Classification (CLC)
TP [Automation technology, computer technology];
Subject classification code
0812;
Abstract
Organized, sophisticated and persistent cyber threat actors pose a significant challenge to large, high-value organizations. They are capable of disrupting and destroying cyber infrastructures, denying organizations access to IT services, and stealing sensitive information including intellectual property, trade secrets and customer data. Past research points to situation awareness as critical to effective response. However, most research has focused on the technological perspective, with comparatively less focus on the practice perspective. We therefore present an in-depth case study of a leading financial organization with a well-resourced and mature incident response capability that has evolved as a result of experiences with past attacks. Our contribution is a process model that explains how organizations can practice situation awareness of the cyber-threat landscape and the broad business context in incident response. (C) 2020 Elsevier Ltd. All rights reserved.
Pages: 15