Informal Learning in Security Incident Response Teams
Information security incident response is a critical security process for organisations aiming to provide an effective capability to recover from information security attacks. A critical component of security incident response methodologies is the ability to learn from security incidents on how to improve the incident response process in particular and security management in general. Best-practice methodologies and existing research in this area view the incident response process as highly formal and structured while providing recommendations on learning in formal feedback sessions at the conclusion of the incident investigation. This contrasts with more general organizational learning literature that suggests learning in organizations is frequently informal, incidental and ongoing. This research-in-progress paper describes the first phase of a project. Results from a focus group of experts indicate that response to incidents is largely informal, suggesting a new Incident Response model is needed that incorporates informal learning practices.
Security Incident Response Criteria: A Practitioner's Perspective
Industrial reports indicate that security incidents continue to inflict large financial losses on organizations.
Researchers and industrial analysts contend that there are fundamental problems with existing security
incident response process solutions. This paper presents the Security Incident Response Criteria (SIRC)
which can be applied to a variety of security incident response approaches. The criteria are derived from
empirical data based on in-depth interviews conducted within a Global Fortune 500 organization and
supporting literature. The research contribution of this paper is twofold. First, the criteria presented in this
paper can be used to evaluate existing security incident response solutions and second, as a guide, to
support future security incident response improvement initiatives
Rethinking Security Incident Response: The Integration of Agile Principles
In today's globally networked environment, information security incidents can
inflict staggering financial losses on organizations. Industry reports indicate
that fundamental problems exist with the application of current linear
plan-driven security incident response approaches being applied in many
organizations. Researchers argue that traditional approaches value containment
and eradication over incident learning. While previous security incident
response research focused on best practice development, linear plan-driven
approaches and the technical aspects of security incident response, very little
research investigates the integration of agile principles and practices into
the security incident response process. This paper proposes that the
integration of disciplined agile principles and practices into the security
incident response process is a practical solution to strengthening an
organization's security incident response posture. Comment: Paper presented at the 20th Americas Conference on Information
Systems (AMCIS 2014), Savannah, Georgi
Large emergency-response exercises: qualitative characteristics - a survey
Exercises, drills, or simulations are widely used, by governments, agencies and commercial organizations, to simulate serious incidents and train staff how to respond to them. International cooperation has led to increasingly large-scale exercises, often involving hundreds or even thousands of participants in many locations. The difference between ‘large’ and ‘small’ exercises is more than one of size: (a) Large exercises are more ‘experiential’ and more likely to undermine any model of reality that single organizations may create; (b) they create a ‘play space’ in which organizations and individuals act out their own needs and identifications, and a ritual with strong social implications; (c) group-analytic psychotherapy suggests that the emotions aroused in a large group may be stronger and more difficult to control. Feelings are an unacknowledged major factor in the success or failure of exercises; (d) successful large exercises help improve the nature of trust between individuals and the organizations they represent, changing it from a situational trust to a personal trust; (e) it is more difficult to learn from large exercises or to apply the lessons identified; (f) however, large exercises can help develop organizations and individuals. Exercises (and simulation in general) need to be approached from a broader multidisciplinary direction if their full potential is to be realized
Determining Training Needs for Cloud Infrastructure Investigations using I-STRIDE
As more businesses and users adopt cloud computing services, security
vulnerabilities will be increasingly found and exploited. There are many
technological and political challenges where investigation of potentially
criminal incidents in the cloud is concerned. Security experts, however, must
still be able to acquire and analyze data in a methodical, rigorous and
forensically sound manner. This work applies the STRIDE asset-based risk
assessment method to cloud computing infrastructure for the purpose of
identifying and assessing an organization's ability to respond to and
investigate breaches in cloud computing environments. An extension to the
STRIDE risk assessment model is proposed to help organizations quickly respond
to incidents while ensuring acquisition and integrity of the largest amount of
digital evidence possible. Further, the proposed model allows organizations to
assess the needs and capacity of their incident responders before an incident
occurs. Comment: 13 pages, 3 figures, 3 tables, 5th International Conference on
Digital Forensics and Cyber Crime; Digital Forensics and Cyber Crime, pp.
223-236, 201
Toward a Strategic Human Resource Management Model of High Reliability Organization Performance
In this article, we extend strategic human resource management (SHRM) thinking to theory and research on high reliability organizations (HROs) using a behavioral approach. After considering the viability of reliability as an organizational performance indicator, we identify a set of eight reliability-oriented employee behaviors (ROEBs) likely to foster organizational reliability and suggest that they are especially valuable to reliability seeking organizations that operate under “trying conditions”. We then develop a reliability-enhancing human resource strategy (REHRS) likely to facilitate the manifestation of these ROEBs. We conclude that the behavioral approach offers SHRM scholars an opportunity to explain how people contribute to specific organizational goals in specific contexts and, in turn, to identify human resource strategies that extend the general high performance human resource strategy (HPHRS) in new and important ways
Bombers and bystanders in suicide attacks in Israel, 2000 to 2003
The paper analyses the results of interaction between suicide operatives and
bystanders in the course of 103 suicide attacks in Israel over a recent three-year
period. It shows that bystanders’ intervention tended to reduce the
casualties arising by numbers that were both statistically and practically
significant. When bystanders intervened, however, this was often at the cost of
their own lives. The value of a challenge was particularly large for suicide
missions associated with Hamas, but Hamas operations were also less likely to
meet a challenge in the first place. These findings, while preliminary, may
have implications for counter-terrorism. More systematic collection of
statistical data relating to suicide incidents would be of benefit
Evolving issues in Australian emergency management
This article examines some of the challenges facing emergency management organizations (EMOs) and policy-makers in Australia. It considers how EMOs will need to be ready to prepare for and, where possible, prevent a range of evolving threats into the future. Such an ability to anticipate capability needs via effective threat assessment and response planning is a needed evolutionary response.