Turning Weakness into Strength

Author(s): Randy L. Burkhead

In today's culture, organizations have come to expect that information security incidents and breaches are no longer a matter of if but when. This shifting paradigm has brought increased attention not to the defenses in place to prevent an incident, but to how companies manage the aftermath. Using a phenomenological model, organizations can reconstruct events focused on the human aspects of security with forensic technology providing supporting information. This can be achieved by conducting an after action review for incidents using a phenomenological model. Through this approach the researcher can discover the common incident management cycle attributes and how these attributes have been applied in the organization. An interview guide and six steps are presented to accomplish this type of review. By understanding what happened, how it happened, and why it happened during incident response, organizations can turn their moment of weakness into a pillar of strength.



2019, Vol 11 (7), pp. 162
Author(s): Nikolaos Serketzis, Vasilios Katos, Christos Ilioudis, Dimitrios Baltatzis, Georgios Pangalos

The complication of information technology and the proliferation of heterogeneous security devices that produce increased volumes of data coupled with the ever-changing threat landscape challenges have an adverse impact on the efficiency of information security controls and digital forensics, as well as incident response approaches. Cyber Threat Intelligence (CTI) and forensic preparedness are the two parts of the so-called managed security services that defendants can employ to repel, mitigate or investigate security incidents. Despite their success, there is no known effort that has combined these two approaches to enhance Digital Forensic Readiness (DFR) and thus decrease the time and cost of incident response and investigation. This paper builds upon and extends a DFR model that utilises actionable CTI to improve the maturity levels of DFR. The effectiveness and applicability of this model are evaluated through a series of experiments that employ malware-related network data simulating real-world attack scenarios. To this extent, the model manages to identify the root causes of information security incidents with high accuracy (90.73%), precision (96.17%) and recall (93.61%), while managing to decrease significantly the volume of data digital forensic investigators need to examine. The contribution of this paper is twofold. First, it indicates that CTI can be employed by digital forensics processes. Second, it demonstrates and evaluates an efficient mechanism that enhances operational DFR.


2021, Vol 53 (1), pp. 74-82
Author(s): ANDREY R. OCHEREDKO, DMITRIY A. BACHMANOV, MICHAEL M. PUTYATO, ALEXANDER S. MAKARYAN, ...

The article discusses the features and functions of information security incident response systems. The analysis of modern IRP solutions is presented and the process of responding to typical incidents in systems of this class is described. Based on expert opinions, a list of criteria was formed, which were divided into groups by areas of functional responsibility for further comparison of the work of IRP systems. The assessment of the main and additional characteristics of IRP-systems was carried out using the formed criterion groups. The analysis of the comparison results showed that the most promising solutions are R-Vision IRP, IBM Resilient IRP and open-source solution - The Hive. The algorithm of the module for preventing phishing attacks was developed and presented, the software implementation of which was made using the Python language. As part of the integration capabilities of The Hive, a custom response function was implemented that not only potentially improved the system's performance in preventing phishing attacks, but also increased employee awareness of this threat. The result is an IRP system with personal flexible customization of individual elements and is the basis for the formation of the Security Center (SOC), which will bring the information security of organizations to a new level.


Author(s): Agata McCormac, Dragana Calic, Marcus Butavicius, Kathryn Parsons, Tara Zwaans, ...

The Human Aspects of Information Security Questionnaire (HAIS-Q) is designed to measure Information Security Awareness. More specifically, the tool measures an individual’s knowledge, attitude, and self-reported behaviour relating to information security in the workplace. This paper reports on the reliability of the HAIS-Q, including test-retest reliability and internal consistency. The paper also assesses the reliability of three preliminary over-claiming items, designed specifically to complement the HAIS-Q, and identify those individuals who provide socially desirable responses. A total of 197 working Australians completed two iterations of the HAIS-Q and the over-claiming items, approximately 4 weeks apart. Results of the analysis showed that the HAIS-Q was externally reliable and internally consistent. Therefore, the HAIS-Q can be used to reliably measure information security awareness. Reliability testing on the preliminary over-claiming items was not as robust and further development is required and recommended. The implications of these findings mean that organisations can confidently use the HAIS-Q to not only measure the current state of employee information security awareness within their organisation, but they can also measure the effectiveness and impacts of training interventions, information security awareness programs and campaigns. The influence of cultural changes and the effect of security incidents can also be assessed. 


2021, Vol 2021 (3), pp. 72-77
Author(s): Fayzullajon Botirov, Sharifjon Gafurov, Azam Gafurov, ...

This research paper is devoted to the process of information security incident management and the distribution of the roles of key persons in this process. The skills required for members of the information security incident response team are considered, positions and responsibilities are given - typical positions that exist in each organization, testing and improvement procedures are given, the role of the information security incident response team members and employee positions is shown. The quality of the group leader is reflected; responsible for personnel management, scoping and reporting on the state of the organization at a higher level of the hierarchy.


1998, Vol 4 (5-6), pp. 62-66
Author(s): I.D. Gorbenko, Yu.V. Stasev, A.V. Pot, A.M. Tkachev, ...

2020
Author(s): Jorge Andres Delgado-Ron, Daniel Simancas-Racines

BACKGROUND Healthcare has increased its use of information technology over the last few years. A trend followed higher usage of Electronic Health Record in low-and-middle-income countries where doctors use non-medical applications and websites for healthcare-related tasks. Information security awareness and practices are essential to reduce the risk of breaches. OBJECTIVE To assess the internal reliability of the Spanish translation of three areas of the Human Aspects of Information Security Questionnaire (HAIS-Q), and to assess the knowledge, attitudes, and practices of medical doctors around information security. METHODS This is a cross-sectional descriptive study designed as a questionnaire-based. We used focus areas (Password management, social media use, and mobile devices use) from the Human Aspects of Information Security Questionnaire (HAIS-Q). Medical doctors in Ecuador answered an online survey between December 2017 and January 2018. RESULTS A total of 434 health professionals (response rate: 0.65) completed all the questions in our study. Scores were 37.4 (SD 5.9) for Password Management, 35.4 (SD 5.0) for Social Media Use and 35.9 (SD 5.7) for Mobile Devices. Cronbach’s alpha coefficient (α) was 0.78 (95% CI: 0.75, 0.81) for password management, 0.73 (95% CI: 0.69, 0.77) for mobile devices and 0.77 (95% CI: 0.73, 0.78) for Social Media Use. CONCLUSIONS Our study shows that three components of the Spanish translation of the HAIS-Q questionnaire were internally reliable when applied in medical doctors. Medical doctors with eagerness to receive infosec training scored higher in social media use and mobile device use categories.

