Development and evaluation of information elements for simplified cyber-incident reports

Lif, Patrik; Sommestad, Teodor; Granasen, Dennis

doi:10.1109/cybersa.2018.8551402

Cited by 8 publications

(15 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Furthermore, the number of information pieces used in a report was related to the quality assessments made by the exercise management. The results, according to Lif et al, (2018), show that, while the general assessment of content relevance of the simplified cyber incident reporting template was favourable, the template still needs to be validated further.…”

Section: Empirical Literature Reviewmentioning

confidence: 99%

“…Handling, analysis, and attribution, according to Hattema (2021), require 'epistemic states,' which are based on a limited grasp of the attackers' intentions, opportunities, actions, and specific motions. One of the most critical duties in cyber security incident handling, according to Lif et al, (2018), is to report what has happened. Several frameworks have been developed to assist this reporting, according to Lif et al, (2018), each with its own set of benefits and drawbacks.…”

Section: Empirical Literature Reviewmentioning

confidence: 99%

“…One of the most critical duties in cyber security incident handling, according to Lif et al, (2018), is to report what has happened. Several frameworks have been developed to assist this reporting, according to Lif et al, (2018), each with its own set of benefits and drawbacks.…”

Section: Empirical Literature Reviewmentioning

confidence: 99%

“…A set out to determine the acceptability of sixteen plausible information items linked to traceability and analysis as a first step in the construction of a practically effective event description standard was done, according to Lif et al, (2018). The findings of Lif et al, (2018) reveal that the ratio of information items used varies greatly between reporters and occurrences. Furthermore, the number of information pieces used in a report was related to the quality assessments made by the exercise management.…”

Section: Empirical Literature Reviewmentioning

confidence: 99%

See 3 more Smart Citations

Cyber Incident Handling Framework for Schools in South Africa: Views of Experts

2022

JHETP

View full text Add to dashboard Cite

The goal of this study was to create a Cyber Incident Handling Framework (CIHF) for South African schools to improve their effectiveness in dealing with cyber incidents while also ensuring that each role player plays an important role in the intervention process aimed at reducing cyber incidents in schools. Experts' comments on the proposed cyber incident handling framework (CIHF) for schools in South Africa were gathered through an expert review survey. The use of expert reviewers was justified to tap into the reviewers' expertise and knowledge. The expert opinion was useful in determining the relevance of the suggested framework, reflecting on its quality, and determining how well it supports the solution of reporting cyber events in South African schools. The expert review process' significant contribution was the documentation of expert opinions on the planned CIHF for South African schools. The study detailed the Cyber Incident Handling Framework (CIHF), as well as the problems in applying the framework and how the challenges may be handled.

show abstract

Section: Empirical Literature Reviewmentioning

confidence: 99%

Section: Empirical Literature Reviewmentioning

confidence: 99%

Section: Empirical Literature Reviewmentioning

confidence: 99%

Section: Empirical Literature Reviewmentioning

confidence: 99%

See 2 more Smart Citations

Cyber Incident Handling Framework for Schools in South Africa: Views of Experts

2022

JHETP

View full text Add to dashboard Cite

show abstract

“…During the implementation stage, the trainer monitors the students and tries to handle events and incidents, driving the students to pass through all learning goals. The process is based on the Boyd's Observe-Orient-Decide-Act (OODA) loop [42]. In the feedback stage, the students and the trainer go through all the main exercise elements.…”

Section: Teaching Cyber-securitymentioning

confidence: 99%

Modern Aspects of Cyber-Security Training and Continuous Adaptation of Programmes to Trainees

et al. 2020

View full text Add to dashboard Cite

Nowadays, more-and-more cyber-security training is emerging as an essential process for the lifelong personnel education in organizations, especially for those which operate critical infrastructures. This is due to security breaches on popular services that become publicly known and raise people’s security awareness. Except from large organizations, small-to-medium enterprises and individuals need to keep their knowledge on the related topics up-to-date as a means to protect their business operation or to obtain professional skills. Therefore, the potential target-group may range from simple users, who require basic knowledge on the current threat landscape and how to operate the related defense mechanisms, to security experts, who require hands-on experience in responding to security incidents. This high diversity makes training and certification quite a challenging task. This study combines pedagogical practices and cyber-security modelling in an attempt to support dynamically adaptive training procedures. The training programme is initially tailored to the trainee’s needs, promoting the continuous adaptation to his/her performance afterwards. As the trainee accomplishes the basic evaluation tasks, the assessment starts involving more advanced features that demand a higher level of understanding. The overall method is integrated in a modern cyber-ranges platform, and a pilot training programme for smart shipping employees is presented.

show abstract

The awareness of operators: a goal-directed task analysis in SOCs for critical infrastructure

Ofte

2024

Int. J. Inf. Secur.

View full text Add to dashboard Cite

Security operation centers (SOCs) are increasingly established to meet the growing threat against cyber security. The operators of SOCs respond to complex incidents under time constraints. Within critical infrastructure, the consequences of human error or low performance in SOCs may be detrimental. In other domains, situation awareness (SA) has proven useful to understand and measure how operators use information and decide the correct actions. Until now, SA research in SOCs has been restricted by a lack of in-depth studies of SA mechanisms. Therefore, this study is the first to conduct a goal-directed task analysis in a SOC for critical infrastructure. The study was conducted through a targeted series of unstructured and semi-structured interviews with SOC operators and their leaders complemented by a review of documents, incident reports, and in situ observation of work within the SOC and real incidents. Among the presented findings is a goal hierarchy alongside a complete overview of the decisions the operators make during escalated incidents. How the operators gain and use SA in these decisions is presented as a complete set of SA requirements. The findings are accompanied by an analysis of contextual differences in how the operators prioritize goals and use information in network incidents and security incidents. This enables a discussion of what SA processes might be automated and which would benefit from different SA models. The study provides a unique insight into the SA of SOC operators and is thus a steppingstone for bridging the knowledge gap of Cyber SA.

show abstract

Development and evaluation of information elements for simplified cyber-incident reports

Cited by 8 publications

References 21 publications

Cyber Incident Handling Framework for Schools in South Africa: Views of Experts

Cyber Incident Handling Framework for Schools in South Africa: Views of Experts

Modern Aspects of Cyber-Security Training and Continuous Adaptation of Programmes to Trainees

The awareness of operators: a goal-directed task analysis in SOCs for critical infrastructure

Contact Info

Product

Resources

About