incident handling
Recently Published Documents


TOTAL DOCUMENTS

77
(FIVE YEARS 20)

H-INDEX

10
(FIVE YEARS 1)

2022 ◽  
pp. 611-620
Author(s):  
Regner Sabillon

This chapter presents a systematic literature review on best practices regarding cybersecurity incident response handling and incident management. The study identifies incident handling models that are used worldwide when responding to any type of cybersecurity incident. The authors highlight the importance of understanding the current cyber threat landscape in any incident response team and their standard operations procedures. The chapter provides guidelines for building a cybersecurity incident team in terms of incident categorization, capabilities, tasks, incident cost calculation, and metrics.


2022 ◽  
pp. 102609
Author(s):  
Martin Husák ◽  
Lukáš Sadlek ◽  
Stanislav Špaček ◽  
Martin Laštovička ◽  
Michal Javorník ◽  
...  

2021 ◽  
Vol 19 (3) ◽  
pp. 609-620
Author(s):  
Mirosław Karpiuk

This article discusses the local government’s position in the national cybersecurity system. It refers to the status of the local government administration in cyberspace, including the duties and responsibilities ensuring cybersecurity. In Poland, the local government is considered the basic form of decentralisation of public power, as a result of which the legislator has entrusted it with a significant portion of public duties. The list of such duties also encompasses telecommunication responsibilities carried out in cyberspace. In general practice, cyberspace is also used to carry out other responsibilities. The local government has the most extensive knowledge on the matters concerning a given (local or regional) community, referring also to cybersecurity; however, the legislator has not awarded this entity with any special status. It is merely one of the many entities forming the national cybersecurity system. Inter alia, the local government is obliged to carry out a range of activities aimed at incident detection, incident cause analysis, and corrective actions. It is also expected to ensure the appropriate incident management which includes, inter alia, incident handling and eliminating incident causes.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Oluwafemi Oriola ◽  
Adesesan Barnabas Adeyemo ◽  
Maria Papadaki ◽  
Eduan Kotzé

Purpose: Collaborative-based national cybersecurity incident management benefits from the huge size of incident information, large-scale information security devices and aggregation of security skills. However, no existing collaborative approach has been able to cater for multiple regulators, divergent incident views and incident reputation trust issues that national cybersecurity incident management presents. This paper aims to propose a collaborative approach to handle these issues cost-effectively.

Design/methodology/approach: A collaborative-based national cybersecurity incident management architecture based on ITU-T X.1056 security incident management framework is proposed. It is composed of the cooperative regulatory unit with cooperative and third-party management strategies and an execution unit, with incident handling and response strategies. Novel collaborative incident prioritization and mitigation planning models that are fit for incident handling in national cybersecurity incident management are proposed.

Findings: Use case depicting how the collaborative-based national cybersecurity incident management would function within a typical information and communication technology ecosystem is illustrated. The proposed collaborative approach is evaluated based on the performances of an experimental cyber-incident management system against two multistage attack scenarios. The results show that the proposed approach is more reliable compared to the existing ones based on descriptive statistics.

Originality/value: The approach produces better incident impact scores and rankings than standard tools. The approach reduces the total response costs by 8.33% and false positive rate by 97.20% for the first attack scenario, while it reduces the total response costs by 26.67% and false positive rate by 78.83% for the second attack scenario.




Author(s):  
Shelia T. Searson ◽  
Jennifer L. Cole