47,486 research outputs found

    Informal Learning in Security Incident Response Teams

    Information security incident response is a critical security process for organisations aiming to provide an effective capability to recover from information security attacks. A critical component of security incident response methodologies is the ability to learn from security incidents on how to improve the incident response process in particular and security management in general. Best-practice methodologies and existing research in this area view the incident response process as highly formal and structured while providing recommendations on learning in formal feedback sessions at the conclusion of the incident investigation. This contrasts with more general organizational learning literature that suggests learning in organizations is frequently informal, incidental and ongoing. This research-in-progress paper describes the first phase of a project. Results from a focus group of experts indicate that response to incidents is largely informal, suggesting a new Incident Response model is needed that incorporates informal learning practices.

    Security Incident Response Criteria: A Practitioner's Perspective

    Industrial reports indicate that security incidents continue to inflict large financial losses on organizations. Researchers and industrial analysts contend that there are fundamental problems with existing security incident response process solutions. This paper presents the Security Incident Response Criteria (SIRC) which can be applied to a variety of security incident response approaches. The criteria are derived from empirical data based on in-depth interviews conducted within a Global Fortune 500 organization and supporting literature. The research contribution of this paper is twofold. First, the criteria presented in this paper can be used to evaluate existing security incident response solutions and second, as a guide, to support future security incident response improvement initiatives.

    Rethinking Security Incident Response: The Integration of Agile Principles

    In today's globally networked environment, information security incidents can inflict staggering financial losses on organizations. Industry reports indicate that fundamental problems exist with the application of current linear plan-driven security incident response approaches being applied in many organizations. Researchers argue that traditional approaches value containment and eradication over incident learning. While previous security incident response research focused on best practice development, linear plan-driven approaches and the technical aspects of security incident response, very little research investigates the integration of agile principles and practices into the security incident response process. This paper proposes that the integration of disciplined agile principles and practices into the security incident response process is a practical solution to strengthening an organization's security incident response posture. Comment: Paper presented at the 20th Americas Conference on Information Systems (AMCIS 2014), Savannah, Georgi

    Large emergency-response exercises: qualitative characteristics - a survey

    Exercises, drills, or simulations are widely used, by governments, agencies and commercial organizations, to simulate serious incidents and train staff how to respond to them. International cooperation has led to increasingly large-scale exercises, often involving hundreds or even thousands of participants in many locations. The difference between ‘large’ and ‘small’ exercises is more than one of size: (a) Large exercises are more ‘experiential’ and more likely to undermine any model of reality that single organizations may create; (b) they create a ‘play space’ in which organizations and individuals act out their own needs and identifications, and a ritual with strong social implications; (c) group-analytic psychotherapy suggests that the emotions aroused in a large group may be stronger and more difficult to control. Feelings are an unacknowledged major factor in the success or failure of exercises; (d) successful large exercises help improve the nature of trust between individuals and the organizations they represent, changing it from a situational trust to a personal trust; (e) it is more difficult to learn from large exercises or to apply the lessons identified; (f) however, large exercises can help develop organizations and individuals. Exercises (and simulation in general) need to be approached from a broader multidisciplinary direction if their full potential is to be realized.

    Determining Training Needs for Cloud Infrastructure Investigations using I-STRIDE

    As more businesses and users adopt cloud computing services, security vulnerabilities will be increasingly found and exploited. There are many technological and political challenges where investigation of potentially criminal incidents in the cloud is concerned. Security experts, however, must still be able to acquire and analyze data in a methodical, rigorous and forensically sound manner. This work applies the STRIDE asset-based risk assessment method to cloud computing infrastructure for the purpose of identifying and assessing an organization's ability to respond to and investigate breaches in cloud computing environments. An extension to the STRIDE risk assessment model is proposed to help organizations quickly respond to incidents while ensuring acquisition and integrity of the largest amount of digital evidence possible. Further, the proposed model allows organizations to assess the needs and capacity of their incident responders before an incident occurs. Comment: 13 pages, 3 figures, 3 tables, 5th International Conference on Digital Forensics and Cyber Crime; Digital Forensics and Cyber Crime, pp. 223-236, 201

    Toward a Strategic Human Resource Management Model of High Reliability Organization Performance

    In this article, we extend strategic human resource management (SHRM) thinking to theory and research on high reliability organizations (HROs) using a behavioral approach. After considering the viability of reliability as an organizational performance indicator, we identify a set of eight reliability-oriented employee behaviors (ROEBs) likely to foster organizational reliability and suggest that they are especially valuable to reliability seeking organizations that operate under “trying conditions”. We then develop a reliability-enhancing human resource strategy (REHRS) likely to facilitate the manifestation of these ROEBs. We conclude that the behavioral approach offers SHRM scholars an opportunity to explain how people contribute to specific organizational goals in specific contexts and, in turn, to identify human resource strategies that extend the general high performance human resource strategy (HPHRS) in new and important ways.

    Bombers and bystanders in suicide attacks in Israel, 2000 to 2003

    The paper analyses the results of interaction between suicide operatives and bystanders in the course of 103 suicide attacks in Israel over a recent three-year period. It shows that bystanders’ intervention tended to reduce the casualties arising by numbers that were both statistically and practically significant. When bystanders intervened, however, this was often at the cost of their own lives. The value of a challenge was particularly large for suicide missions associated with Hamas, but Hamas operations were also less likely to meet a challenge in the first place. These findings, while preliminary, may have implications for counter-terrorism. More systematic collection of statistical data relating to suicide incidents would be of benefit.

    Evolving issues in Australian emergency management

    This article examines some of the challenges facing emergency management organizations (EMOs) and policy-makers in Australia. It considers how EMOs will need to be ready to prepare for and, where possible, prevent a range of evolving threats into the future. Such an ability to anticipate capability needs via effective threat assessment and response planning is a needed evolutionary response.