A framework for incident response management in the petroleum industry

Jaatun, Martin Gilje; Albrechtsen, Eirik; Line, Maria B.; Tøndel, Inger Anne; Longva, Odd Helge

doi:10.1016/j.ijcip.2009.02.004

Cited by 46 publications

(32 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several researchers focused on how current approaches do not adequately support security incident learning (Ahmad et al, 2012;Shedden et al, 2010Shedden et al, , 2011Tan et al, 2003;Jaatun et al, 2009). Ahmad et al (2012) argue that the 'feedback' phase is often skipped because security incident response teams are too focused on containment, eradication, and recovery.…”

Section: Related Workmentioning

confidence: 99%

“…Ahmad et al (2012) argue that the 'feedback' phase is often skipped because security incident response teams are too focused on containment, eradication, and recovery. In a study involving the petroleum industry, Jaatun et al (2009) explained that while learning from security incidents was considered important, organizations found it difficult to implement the concept in practice. Jaatun et al (2009) go on to argue that organizations must be prepared for incident learning and this includes obtaining managerial commitment and the willingness to commit resources to facilitate learning from security incidents.…”

Section: Related Workmentioning

confidence: 99%

“…In a study involving the petroleum industry, Jaatun et al (2009) explained that while learning from security incidents was considered important, organizations found it difficult to implement the concept in practice. Jaatun et al (2009) go on to argue that organizations must be prepared for incident learning and this includes obtaining managerial commitment and the willingness to commit resources to facilitate learning from security incidents. This is a view that is shared by Tan et al (2003), who also noted that their studied organization was not prepared to gather data or learn from security incidents.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Enhancing security incident response follow-up efforts with lightweight agile retrospectives

Grispos

Glisson

Storer

2017

Digital Investigation

View full text Add to dashboard Cite

Security incidents detected by organizations are escalating in both scale and complexity. As a result, security incident response has become a critical mechanism for organizations in an effort to minimize the damage from security incidents. The final phase within many security incident response approaches is the feedback/follow-up phase. It is within this phase that an organization is expected to use information collected during an investigation in order to learn from an incident, improve its security incident response process and positively impact the wider security environment. However, recent research and security incident reports argue that organizations find it difficult to learn from incidents.A contributing factor to this learning deficiency is that industry focused security incident response approaches, typically, provide very little practical information about tools or techniques that can be used to extract lessons learned from an investigation. As a result, organizations focus on improving technical security controls and not examining or reassessing the effectiveness or efficiency of internal policies and procedures. An additional hindrance, to encouraging improvement assessments, is the absence of tools and/or techniques that organizations can implement to evaluate the impact of implemented enhancements in the wider organization. Hence, this research investigates the integration of lightweight agile retrospectives and meta-retrospectives, in a security incident response process, to enhance feedback and/or follow-up efforts. The research contribution of this paper is twofold. First, it presents an approach based on lightweight retrospectives as a means of enhancing security incident response follow-up efforts. Second, it presents an empirical evaluation of this lightweight approach in a Fortune 500 Financial organization's security incident response team.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Enhancing security incident response follow-up efforts with lightweight agile retrospectives

Grispos

Glisson

Storer

2017

Digital Investigation

View full text Add to dashboard Cite

show abstract

“…Creating adequate plans for incident handling: Having a simple, short and common plan for incident management was recommended by Jaatun et al (2009) and Cusick and Ma (2010). This was considered an advantage when present and a need when not present.…”

Section: Information Security Incident Managementmentioning

confidence: 99%

“…This was considered an advantage when present and a need when not present. Without it, the approach to incident management could appear scattered and randomly structured (Jaatun et al, 2009). A lack of plans was reported by Line et al (2014) to hinder training activities, as a plan was perceived as needed as a basis for training.…”

Section: Information Security Incident Managementmentioning

confidence: 99%

Examining the suitability of industrial safety management approaches for information security incident management

Line

Albrechtsen

2016

Information &Amp; Computer Security

Self Cite

View full text Add to dashboard Cite

Purpose This paper discusses whether recent theoretical and practical approaches within industrial safety management might be applicable to, and solve challenges experienced in, the field of information security, specifically related to incident management.Design/methodology/approach Literature review. FindingsPrinciples, research, and experiences on the issues of plans, training, and learning in the context of industrial safety management would be suitable for adoption into the field of information security incident management and aid in addressing current challenges. Research limitations/implications (if applicable)There are a number of reasons why approaches from industrial safety management have something to offer to information security incident management: the former field is more mature and has longer traditions, there is more organizational research on industrial safety issues than on information security issues so far, individual awareness is higher for industrial safety risks, and worker participation in systematic industrial safety work is ensured by law. More organizational research on information security issues and continuous strengthening of individual security awareness would push information security to further maturity levels where current challenges are solved. Practical implications (if applicable)This paper shows that the field of information security incident management would gain from closer collaborations with industrial safety management, both in research and in practical loss prevention in organizations. The ideas discussed in this paper form a basis for further research on practical implementations and case studies. Originality/valueThe main audience of this paper includes information security researchers and practitioners, as they will find inspirational theories and experiences to bring into their daily work and future projects.

show abstract

How integration of cyber security management and incident response enables organizational learning

Ahmad

Desouza

Maynard

et al. 2019

Asso for Info Science & Tech

View full text Add to dashboard Cite

Digital assets of organizations are under constant threat from a wide assortment of nefarious actors. When threats materialize, the consequences can be significant. Most large organizations invest in a dedicated information security management (ISM) function to ensure that digital assets are protected. The ISM function conducts risk assessments, develops strategy, provides policies and training to define roles and guide behavior, and implements technological controls such as firewalls, antivirus, and encryption to restrict unauthorized access. Despite these protective measures, incidents (security breaches) will occur. Alongside the security management function, many organizations also retain an incident response (IR) function to mitigate damage from an attack and promptly restore digital services. However, few organizations integrate and learn from experiences of these functions in an optimal manner that enables them to not only respond to security incidents, but also proactively maneuver the threat environment. In this article we draw on organizational learning theory to develop a conceptual framework that explains how the ISM and IR functions can be better integrated. The strong integration of ISM and IR functions, in turn, creates learning opportunities that lead to organizational security benefits including: increased awareness of security risks, compilation of threat intelligence, removal of flaws in security defenses, evaluation of security defensive logic, and enhanced security response.

show abstract

A framework for incident response management in the petroleum industry

Cited by 46 publications

References 20 publications

Enhancing security incident response follow-up efforts with lightweight agile retrospectives

Enhancing security incident response follow-up efforts with lightweight agile retrospectives

Examining the suitability of industrial safety management approaches for information security incident management

How integration of cyber security management and incident response enables organizational learning

Contact Info

Product

Resources

About