In this paper we propose a role model that can be applied in societal cyber crisis management to build safety and standard procedures during cyber security crisis. We define societal cyber crisis as the cyber crisis which affect the society in which disaster is or might be the consequence. The process to create our model started by analyzing regulations and responsibilities in Norwegian municipalities, and we used steps of a design science research (DSR) research approach to create our suggested artifact. A combination of conventional crisis management and cyber crisis management is proposed to identify the interrelationships among diverse stakeholders when managing the preparation for and reaction to a cyber crisis incident. We present a cyber incident handling role model (CIHRM) which is usable for visualizing cyber crisis in a diversity of organizations. After our model has been reviewed by the cyber security research community, we plan to implement the model when analyzing crisis management in various organizations to prepare for instructions, training and exercises at our training environment -The Norwegian Cyber Range.
In this paper the authors discuss how to create a preparation schedule for exercises (PSE) to support EXCON-teams and instructors for full-scaled combined crisis management and cyber-exercises. The process to create the preparation schedule starts by performing vulnerability analysis to identify the most relevant and likely threats to the organization, before processing historical threats and attacks to further focus our simulation scenario development by planning and designing a socio-technical scenario. Moreover, a plan for simulation that are realistic and based on the organization's maturity will be considered, and finally, in terms of a societal crisis impact exercise necessary lectures will be prepared. After this framework has been reviewed by the HCI International 2020, we plan to test the model when planning for exercises at the Norwegian Cyber Range (NCR) environment. NCR will be an arena where testing, training, and exercise will be used to expose individuals, public and private organizations, government agencies to simulate socio-technical cyber security events and situations in a realistic but safe environment.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.