The future of information security incident management training: A case study of electrical power companies

Bartnes, Maria; Moe, Nils Brede; Heegaard, Poul E.

doi:10.1016/j.cose.2016.05.004

Cited by 29 publications

(14 citation statements)

References 34 publications

(46 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The results of this study support the research of Bartnes et al (2016) who say that learning will enable organizations to improve response practices for incidents. Mattia (2011) said learning can help organizations to adapt and manage the process of securing organizational assets, and Kovacich (2016) states that system security is one of the fastest growing things now, the internet as a core infrastructure is the target of attacks, so organizations must have knowledge which is good for dealing with cyber-attacks through learning.…”

Section: Conclusion and Recommendationssupporting

confidence: 83%

The effects of organizational learning on the security of bankings information system in Indonesia

Safrizal¹,

Marjulin²

2020

Afr. J. Bus. Manage.

View full text Add to dashboard Cite

Section: Conclusion and Recommendationssupporting

confidence: 83%

The effects of organizational learning on the security of bankings information system in Indonesia

Safrizal¹,

Marjulin²

2020

Afr. J. Bus. Manage.

View full text Add to dashboard Cite

“…Algunos autores prefieren diseñar sus casos de estudio utilizando la metodología de investigación de Yin (2009). Bartnes & Brede (2016) presentaron su investigación utilizando la recopilación de datos, el análisis de datos, las secciones de escenarios y contenido de casos. Meszaros & Buchalcevova (2016) diseñaron el Marco de Seguridad de Servicios Online (OSSF) y sus métodos de investigación se organizaron en un proceso con las siguientes actividades:…”

Section: Metodologíaunclassified

Auditorías en Ciberseguridad: Un modelo de aplicación general para empresas y naciones

Sabillon

Cano²

2019

RISTI

View full text Add to dashboard Cite

Resumen: Este artículo presenta los resultados de un estudio de implementación y validación del Modelo de Auditoría de Ciberseguridad (CSAM), en un estudio de casos múltiples en una universidad canadiense. Se propone que el modelo se utilice para adelantar auditorías de ciberseguridad en cualquier organización o nación, y así evaluar la seguridad, su madurez y la preparación frente a la seguridad cibernética. De igual forma, detectar las necesidades para acrecentar la conciencia cibernética a nivel organizacional y personal. CSAM se ha probado, implementado y validado en tres escenarios de investigación (1) Auditoría de todos los dominios del modelo, (2) Auditoría de varios dominios y (3) una auditoría de un único dominio. El artículo concluye detallando información relevante para la toma de decisiones futuras con el fin de ajustar las limitaciones de ciberseguridad identificadas, mejorar sus dominios y controles, y de esta manera, implementar y probar de manera eficiente este modelo en cualquier organización o país.Palabras-clave: Ciberseguridad; modelos de auditoría de ciberseguridad; auditorías en ciberseguridad; controles en ciberseguridad; aseguramiento en ciberseguridad. Audits in Cybersecurity: A model of general application for companies and nationsAbstract: This article presents the results of an implementation and validation study of the Cybersecurity Audit Model (CSAM), in a multiple case study at a Canadian university. It is proposed that the model be used to advance cybersecurity audits in any organization or nation to assess security, its maturity, and preparedness for cybersecurity. Similarly, identify needs to increase cybersecurity awareness at the organizational and personal levels. CSAM has been tested, implemented and validated in three investigation scenarios (1) Audit of all model domains, (2) Audit of several domains and (3) an audit of a single domain. The article concludes by detailing relevant information for future decision making in order to adjust the identified cybersecurity limitations, improve their domains and controls, and thus efficiently implement and test this model in any organization or country. RISTI, N.º 32, 06/2019 Auditorías en Ciberseguridad: Un modelo de aplicación general para empresas y naciones

show abstract

“…The specific nature of the assistance required depends on both the technical and business impact of the threat. To understand the gaps in the knowledge and how to design the organization to support the response unit, organizations need to perform exercises frequently and evaluate their outcome (Bartnes et al, 2016).…”

Section: Tabletop Exercisesmentioning

confidence: 99%

Challenges in IT security preparedness exercises: A case study

Bartnes

Moe

2017

Computers & Security

Self Cite

View full text Add to dashboard Cite

The electric power industry is currently implementing major technological changes in order to achieve the goal of smart grids. However, these changes are expected to increase the susceptibility of the industry to IT security incidents. IT security preparedness exercises are not commonly performed in the electric power industry, even though this industry is considered part of society's critical infrastructure. Resolving an IT security incident requires interdepartmental collaborations between various categories of personnel, and to successfully achieve this, training is required. The process of preparing a response to incidents enhances the nature of collaboration, coordination, and communication within an organization. Our objective is to understand the challenges faced when performing IT security preparedness exercises, as challenges experienced during these exercises affect the response process during a real incident. By improving the exercises, the response capabilities would be strengthened accordingly. We have designed a multiple-case study with six teams in three organizations. We collected data by performing semi-structured interviews, participant observations, and from process artifacts. We identified six main challenges involving team composition and external expert involvement, goal definition, documentation, and time management. In summary, there are many ways of conducting preparedness exercises. Therefore, organizations need to both optimize current exercise practices and experiment with new ones in order to ensure continuous learning and improvement; hence, they can be adequately prepared to respond to IT security incidents.

show abstract

The future of information security incident management training: A case study of electrical power companies

Cited by 29 publications

References 34 publications

The effects of organizational learning on the security of bankings information system in Indonesia

The effects of organizational learning on the security of bankings information system in Indonesia

Auditorías en Ciberseguridad: Un modelo de aplicación general para empresas y naciones

Challenges in IT security preparedness exercises: A case study

Contact Info

Product

Resources

About