Enhancing security incident response follow-up efforts with lightweight agile retrospectives

Security incidents detected by organizations are escalating in both scale and complexity. As a result, security incident response has become a critical mechanism for organizations in an effort to minimize the damage from security incidents. The final phase within many security incident response approaches is the feedback/follow-up phase. It is within this phase that an organization is expected to use information collected during an investigation in order to learn from an incident, improve its security incident response process and positively impact the wider security environment. However, recent research and security incident reports argue that organizations find it difficult to learn from incidents. A contributing factor to this learning deficiency is that industry focused security incident response approaches, typically, provide very little practical information about tools or techniques that can be used to extract lessons learned from an investigation. As a result, organizations focus on improving technical security controls and not examining or reassessing the effectiveness or efficiency of internal policies and procedures. An additional hindrance, to encouraging improvement assessments, is the absence of tools and/or techniques that organizations can implement to evaluate the impact of implemented enhancements in the wider organization. Hence, this research investigates the integration of lightweight agile retrospectives and meta-retrospectives, in a security incident response process, to enhance feedback and/or follow-up efforts. The research contribution of this paper is twofold. First, it presents an approach based on lightweight retrospectives as a means of enhancing security incident response follow-up efforts. Second, it presents an empirical evaluation of this lightweight approach in a Fortune 500 Financial organization's security incident response team

Security Incident Response Criteria: A Practitioner's Perspective

Industrial reports indicate that security incidents continue to inflict large financial losses on organizations. Researchers and industrial analysts contend that there are fundamental problems with existing security incident response process solutions. This paper presents the Security Incident Response Criteria (SIRC) which can be applied to a variety of security incident response approaches. The criteria are derived from empirical data based on in-depth interviews conducted within a Global Fortune 500 organization and supporting literature. The research contribution of this paper is twofold. First, the criteria presented in this paper can be used to evaluate existing security incident response solutions and second, as a guide, to support future security incident response improvement initiatives

Rethinking Security Incident Response: The Integration of Agile Principles

In today's globally networked environment, information security incidents can inflict staggering financial losses on organizations. Industry reports indicate that fundamental problems exist with the application of current linear plan-driven security incident response approaches being applied in many organizations. Researchers argue that traditional approaches value containment and eradication over incident learning. While previous security incident response research focused on best practice development, linear plan-driven approaches and the technical aspects of security incident response, very little research investigates the integration of agile principles and practices into the security incident response process. This paper proposes that the integration of disciplined agile principles and practices into the security incident response process is a practical solution to strengthening an organization's security incident response posture.Comment: Paper presented at the 20th Americas Conference on Information Systems (AMCIS 2014), Savannah, Georgi

In-the-wild residual data research and privacy

As the world becomes increasingly dependent on technology, researchers endeavor to understand how technology is used, the impact it has on everyday life and the life-cycle and span of digital information. In doing so, researchers are increasingly gathering `real-world' or `in the wild' residual data, obtained from a variety of sources without the explicit consent of the original owners. This data gathering raises significant concerns regarding privacy, ethics and legislation, as well as practical considerations concerning investigator training, data storage, overall security and disposal. This paper surveys recent studies of residual data gathered in the wild and analyses the challenges that were faced. Taking these insights, the paper presents a compendium of practices for addressing the issues that arise in in the wild residual data research. The practices presented in this paper can be used to critique current projects and assess the feasibility of proposed future research

Security Incident Response Criteria: A Practitioner\u27s Perspective

Industrial reports indicate that security incidents continue to inflict large financial losses on organizations. Researchers and industrial analysts contend that there are fundamental problems with existing security incident response process solutions. This paper presents the Security Incident Response Criteria (SIRC) which can be applied to a variety of security incident response approaches. The criteria are derived from empirical data based on in-depth interviews conducted within a Global Fortune 500 organization and supporting literature. The research contribution of this paper is twofold. First, the criteria presented in this paper can be used to evaluate existing security incident response solutions and second, as a guide, to support future security incident response improvement initiatives

How Good is Your Data? Investigating the Quality of Data Generated During Security Incident Response Investigations

An increasing number of cybersecurity incidents prompts organizations to explore alternative security solutions, such as threat intelligence programs. For such programs to succeed, data needs to be collected, validated, and recorded in relevant datastores. One potential source supplying these datastores is an organization’s security incident response team. However, researchers have argued that these teams focus more on eradication and recovery and less on providing feedback to enhance organizational security. This prompts the idea that data collected during security incident investigations may be of insufficient quality for threat intelligence analysis. While previous discussions focus on data quality issues from threat intelligence sharing perspectives, minimal research examines the data generated during incident response investigations. This paper presents the results of a case study identifying data quality challenges in a Fortune 500 organization’s incident response team. Furthermore, the paper provides the foundation for future research regarding data quality concerns in security incident response

Communicating the value of design: Design considerations to assist practitioner rationale in FMCG packaging development

Product packaging design is often produced through the practical application of tacit knowledge, rule of thumb and professional connoisseurship. Stakeholders are becoming increasingly demanding that design practitioners provide clarity of reasoning and accountability for their design proposals. Therefore, a better framework for the design of fast-moving consumer goods (FMCG) is required. This paper proposes a comprehensive taxonomy of ‘design considerations’ to assist the development of low involvement FMCG packaging and aid in rationale communication for design solutions. 302 academic sources were reviewed, inductive content analysis performed to code topics and output validation with academic and industry experts (n=9) through a modified-Delphi card sorting method. The research provides movement towards a comprehensive framework and common dialogue between stakeholders, practitioners and managers to assist in more effectively communicating the value that design can offer to FMCGs. The constructed taxonomy provides a set of 156 ‘design considerations’ to support in objective and informed design decision-making

The value of design in UK FMCG packaging development: An industry case study exploring practitioner design practice rationale & decision-making

Recognising the value design offers has been of great importance for the effective development and launch of Fast-Moving Consumer Goods (FMCG). Packaging design is acknowledged as a significant success factor in New Product Development (NPD) for the FMCG industry to help provide clear product differentiation and competitive advantage in saturated and complex markets. The search for approaches to maintain or improve market share has driven the field of consumer research over the last few decades. The potential to influence consumer perception of a product through visual design is well documented in the literature. Packaging design relies on effective management of symbolic, semantic, aesthetic and visual information elements. Stakeholders have been increasingly demanding that design practitioners provide a clear rationale and accountability for their design proposals in this risk-averse industry. However, limited research has been produced to address how packaging design and development is managed; and, how design practitioners rationalise and validate their design decision-making. The authors’ look to address this through the study of design practitioners in ‘real-world’ FMCG design practice. A case study is presented with a UK company involved in the design and manufacture of food and beverage packaging for suppliers, retailers and brands in the UK FMCG market. The research aims to identify preliminary insights and a narrative into the factors affecting practitioner rationale, decision-making and explore future research. The study triangulates evidence from interviews, participant observation, direct observation and document analysis to identify influences through a convergence of findings. Nine preliminary influences are recognised that appear to affect practitioner rationale and decision-making.<br

Stability and transport of parallel velocity shear driven mode with negative magnetic shear

The linear and quasilinear behavior of the drift-like perturbation with a parallel velocity shear is studied in a sheared slab geometry. Full analytic studies show that when the magnetic shear has the same sign as the second derivative of the parallel velocity with respect to the radial coordinate, the linear mode may become unstable and turbulent momentum transport increases. On the other hand, when the magnetic shear has opposite sign to the second derivative of the parallel velocity, the linear mode is completely stabilized and turbulent momentum transport reduces