On Incident Handling and Response: A state-of-the-art approach

Mitropoulos, Sarandis; Patsos, Dimitrios; Douligeris, Christos

doi:10.1016/j.cose.2005.09.006

Cited by 61 publications

(53 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Meetings are held and notes are gathered to document responses, disagreements, suggestions and additions to security policies and incident procedures [18]. Issues to document include the effects of the damage, actions taken during the incident, policies and procedures that require a change and evidence that can be used for pursuing the responsible person(s) [21]. It is expected that healthcare organisations will act on these lessons, for instance by changes in procedures or training processes and incident response policies.…”

Section: Introductionmentioning

confidence: 99%

Improving the redistribution of the security lessons in healthcare: An evaluation of the Generic Security Template

Johnson

2015

International Journal of Medical Informatics

View full text Add to dashboard Cite

Section: Introductionmentioning

confidence: 99%

Improving the redistribution of the security lessons in healthcare: An evaluation of the Generic Security Template

Johnson

2015

International Journal of Medical Informatics

View full text Add to dashboard Cite

“…Apart from monitoring and alerting, a primary function of the EAM, as with a SEM, is to log events (Mitropoulos 2006). To this end, the event handler not only passes events to the EAE, but it stores all events directly in a database in encrypted form.…”

Section: Figure 2 -Figure Illustrating Components Of the Event Analysmentioning

confidence: 99%

The architecture of a digital forensic readiness management system

Reddy¹,

Venter²

2013

Computers & Security

View full text Add to dashboard Cite

A coordinated approach to digital forensic readiness (DFR) in a large organisation requires the management and monitoring of a wide variety of resources, both human and technical. The resources involved in DFR in large organisations typically include staff from multiple departments and business units, as well as network infrastructure and computing platforms. The state of DFR within large organisations may therefore be adversely affected if the myriad human and technical resources involved are not managed in an optimal manner. This paper contributes to DFR by proposing the novel concept of a digital forensic readiness management system (DFRMS). The purpose of a DFRMS is to assist large organisations in achieving an optimal level of management for DFR. In addition to this, we offer an architecture for a DFRMS. This architecture is based on requirements for DFR that we ascertained from an exhaustive review of the DFR literature. We describe the architecture in detail and show that it meets the requirements set out in the DFR literature. The merits and disadvantages of the architecture are also discussed. Finally, we describe and explain an early prototype of a DFRMS.

show abstract

“…There were well-structured models provided by SANS, NIST and ISO 27035 models consisting of several distinct phases to isolate an incident and appropriately respond to it, including preparation, identification, containment, eradication, recovery and follow-up [30]. A "follow-up" phase is an essential stage of the SIRH.…”

Section: Lessons Learned and Security Incident Response And Handlingmentioning

confidence: 99%

Challenges of information security incident learning: An industrial case study in a Chinese healthcare organization

Johnson

2017

Informatics for Health and Social Care

View full text Add to dashboard Cite

Security incidents can have negative impacts on healthcare organisations and the security of medical records has become a primary concern of the public.However, previous studies showed that organisations had not effectively learned lessons from security incidents. Incident learning as an essential activity in the "follow-up" phase of security incident response lifecycle, has long been addressed but not given enough attention. This paper conducted a case study in a healthcare organisation in China to explore their current obstacles in the practice of incident learning. We interviewed both IT professionals and healthcare professional. The results showed that the organisation did not have a structured way to gather and redistribute incident knowledge. Incident response was ineffective in cycling incident knowledge back to inform security management.Incident reporting to multiple stakeholders faced a great challenge. In response to this case study, we suggest the security assurance modelling framework to address those obstacles.

show abstract

On Incident Handling and Response: A state-of-the-art approach

Cited by 61 publications

References 6 publications

Improving the redistribution of the security lessons in healthcare: An evaluation of the Generic Security Template

Improving the redistribution of the security lessons in healthcare: An evaluation of the Generic Security Template

The architecture of a digital forensic readiness management system

Challenges of information security incident learning: An industrial case study in a Chinese healthcare organization

Contact Info

Product

Resources

About