
    Rethinking Security Incident Response: The Integration of Agile Principles

    In today's globally networked environment, information security incidents can inflict staggering financial losses on organizations. Industry reports indicate that fundamental problems exist with the linear, plan-driven security incident response approaches applied in many organizations. Researchers argue that traditional approaches value containment and eradication over incident learning. While previous security incident response research has focused on best-practice development, linear plan-driven approaches and the technical aspects of security incident response, very little research investigates the integration of agile principles and practices into the security incident response process. This paper proposes that integrating disciplined agile principles and practices into the security incident response process is a practical way to strengthen an organization's security incident response posture.

    Comment: Paper presented at the 20th Americas Conference on Information Systems (AMCIS 2014), Savannah, Georgia.

    IT incidents and business impacts: Validating a framework for continuity management in information systems

    Information technology (IT) incidents that make data inaccessible may cause businesses to lose customers, reputation and market position. Previous studies on information management have identified data availability as a key priority, and the literature on disaster recovery and business continuity describes ways of preparing for and avoiding IT incidents. However, no frameworks for information system continuity management (ISCM) have yet been validated. This research draws on a framework for business continuity management and extends it to the context of information systems. The framework is validated in a survey of IT managers and chief information officers in large private and public organisations operating in Finland. The results suggest that the embeddedness of continuity practices in an organisation has perceived business impacts whereas, in contradiction of previous theory, there is no such direct relation in the case of organisational alertness and preparedness. The theoretical contribution is to validate the ISCM framework statistically. On the practical level, social factors such as committed managers and employees are influential in decreasing negative business impacts. Further research on the embeddedness of continuity practices is called for. (C) 2013 Elsevier Ltd. All rights reserved.

    Towards Governance of Information Security Incident Response

    Organizations are increasingly digitizing their business models to complement or even replace physical contact with customers and suppliers. With this shift online comes an increase in information security attacks, which occur more frequently because of the larger attack surface, vulnerabilities in security controls, and a target-rich environment. Organizations work to prevent attacks; however, some attacks still succeed and result in security incidents that degrade operations. When an organization is breached, it must respond to the incident as quickly as possible to ensure continued operations and business resilience. However, guidance is lacking for governance of the response function. In a thematic review, we find that good governance plays a key role in smooth and efficient incident response. This paper extends knowledge about governance of information security incident response by identifying key governance concepts that improve incident response efforts within organizations.

    Security Incident Response Criteria: A Practitioner's Perspective

    Industry reports indicate that security incidents continue to inflict large financial losses on organizations. Researchers and industry analysts contend that there are fundamental problems with existing security incident response process solutions. This paper presents the Security Incident Response Criteria (SIRC), which can be applied to a variety of security incident response approaches. The criteria are derived from empirical data based on in-depth interviews conducted within a Global Fortune 500 organization, together with supporting literature. The research contribution of this paper is twofold. First, the criteria can be used to evaluate existing security incident response solutions; second, they can serve as a guide to support future security incident response improvement initiatives.

    Recovery and Resilience Levels of Culinary MSMEs in Pekalongan City after the Covid-19 Pandemic (Tingkat Recovery dan Resiliensi UMKM Kuliner Kota Pekalongan Pascapandemi Covid-19)

    Because of the significant impact of the Covid-19 pandemic, culinary MSMEs must be able to survive and continue their business. This study analyzes the condition of culinary MSMEs in Pekalongan and the indicators that play the largest role in shaping their recovery and resilience. The study used a non-probability sampling method involving 103 respondents from Pekalongan culinary businesses, with several parameters collected through online questionnaires and in-person interviews. The data was processed by Principal Component Analysis (PCA) using SPSS 20. The results show that culinary MSMEs in Pekalongan City have not recovered in terms of profit and sales. Furthermore, based on the PCA results, the indicators that play the largest role in shaping the level of recovery and resilience of Pekalongan culinary MSMEs fall into eight main components: planning, preparedness and financial support (PC1), technology utilization (PC2), ability to change (PC3), management support and communication (PC4), business environment (PC5), business orientation (PC6), business responsiveness (PC7), and creativity and innovation (PC8). Culinary MSMEs in Pekalongan can therefore increase their business inputs by optimizing the eight main components that make up their level of recovery and resilience.

    Keywords: Covid-19 post-pandemic, descriptive analysis, PCA, recovery level, resilience level

    Enhancing Strategic Information Security Management in Organizations through Information Warfare Practices

    Today's organizations use control-centred security management systems as a preventative shield against a broad spectrum of attacks. However, these have proven less effective against the customized and innovative strategies and operational techniques used by Advanced Persistent Threats (APTs). In this short paper we argue that to combat APTs, organizations need a strategic-level shift away from a traditional prevention-centred approach to a response-centred one. Drawing on the information warfare (IW) paradigm in military studies, and using Dynamic Capability Theory (DCT), this research examines the applicability of IW capabilities in the corporate domain. We propose a research framework to argue that conventional prevention-centred response capabilities (such as incident response capabilities) and IW-centred security capabilities can be integrated into IW-enabled dynamic response capabilities that improve enterprise security performance.

    Digital forensics investigative framework for control rooms in critical infrastructure

    In this paper a cyber-forensic framework with a detailed guideline for protecting control systems is developed to improve the forensic capability for big data in critical infrastructures. The main objective of creating a cyber-forensic plan is to cover the essentials of monitoring, troubleshooting, data reconstruction, recovery, and the safety of classified information. The problem to be addressed in control rooms is the diversity and quantity of data and, for investigators, bringing together the different skill groups needed to manage data and device diversity. This research establishes a new digital forensic model for critical infrastructures that supports digital forensic investigators with the information necessary for conducting an advanced forensic investigation in critical infrastructures. The investigative framework is presented and elaborated here. The extended work applies the framework to industry case studies and is not reported here.

    (RIP) Cybersecurity Agility: Antecedents and Effects on Security Incident Management Effectiveness

    The increased dynamism and complexity of cybersecurity threat environments mean that traditional approaches to managing cybersecurity are no longer effective at minimizing the harm of cybersecurity attacks. Although comprehensive guidelines and past studies addressing effective incident management are available, a conceptual model that explains and addresses the organizational factors that might help or impede an organization's ability to manage cybersecurity incidents effectively has yet to be developed and empirically tested. To address this gap, this research aims to develop and empirically test a conceptual model that addresses the role of both the social and the technical parts of cybersecurity infrastructure in enhancing an organization's incident management effectiveness. A research model has been developed based on the dynamic capability perspective. Research motivation, literature review, research methodology, and potential research and practical implications are discussed in this manuscript.

    Towards an Intelligence-Driven Information Security Risk Management Process for Organisations

    Three deficiencies exist in information security under prevailing practices: organisations tend to focus on compliance over protection; to estimate risk without investigating it; and to assess risk on an occasional (as opposed to continuous) basis. These tendencies indicate that important data is being missed and that the situation awareness of decision-makers in many organisations is currently inadequate. This research-in-progress paper uses Endsley's situation awareness theory and examines how the structure and functions of the US national security intelligence enterprise, a revelatory case of enterprise situation awareness development in security and risk management, correspond with Endsley's theoretical model, and how facets of the US enterprise might be adapted to improve situation awareness in the information security risk management process of organisations.

    Enhancing security incident response follow-up efforts with lightweight agile retrospectives

    Security incidents detected by organizations are escalating in both scale and complexity. As a result, security incident response has become a critical mechanism for organizations seeking to minimize the damage from security incidents. The final phase within many security incident response approaches is the feedback/follow-up phase. It is within this phase that an organization is expected to use information collected during an investigation in order to learn from an incident, improve its security incident response process and positively impact the wider security environment. However, recent research and security incident reports argue that organizations find it difficult to learn from incidents. A contributing factor to this learning deficiency is that industry-focused security incident response approaches typically provide very little practical information about tools or techniques that can be used to extract lessons learned from an investigation. As a result, organizations focus on improving technical security controls rather than examining or reassessing the effectiveness or efficiency of internal policies and procedures. An additional hindrance to improvement assessments is the absence of tools and/or techniques that organizations can implement to evaluate the impact of implemented enhancements in the wider organization. Hence, this research investigates the integration of lightweight agile retrospectives and meta-retrospectives into a security incident response process to enhance feedback and/or follow-up efforts. The research contribution of this paper is twofold. First, it presents an approach based on lightweight retrospectives as a means of enhancing security incident response follow-up efforts. Second, it presents an empirical evaluation of this lightweight approach in a Fortune 500 financial organization's security incident response team.