|   | 
Details
   web
Records
Author Alexander Staves; Harry Balderstone; Benjamin Green; Antonios Gouglidis; David Hutchison
Title A Framework to Support ICS Cyber Incident Response and Recovery Type Conference Article
Year 2020 Publication ISCRAM 2020 Conference Proceedings – 17th International Conference on Information Systems for Crisis Response and Management Abbreviated Journal Iscram 2020
Volume Issue Pages 638-651
Keywords ICS; CNI; Cyber Incident; Guidance; Response and Recovery
Abstract During the past decade there has been a steady increase in cyber attacks targeting Critical National Infrastructure. In order to better protect against an ever-expanding threat landscape, governments, standards bodies, and a plethora of industry experts have produced relevant guidance for operators in response to incidents. However, in a context where safety, reliability, and availability are key, combined with the industrial nature of operational systems, advice on the right practice remains a challenge. This is further compounded by the volume of available guidance, raising questions on where operators should start, which guidance set should be followed, and how confidence in the adopted approach can be established. In this paper, an analysis of existing guidance with a focus on cyber incident response and recovery is provided. From this, a work in progress framework is posited, to better support operators in the development of response and recovery operations.
Address Lancaster University, UK; Lancaster University, UK; Lancaster University, UK; Lancaster University, UK; Lancaster University, UK
Corporate Author Thesis
Publisher Virginia Tech Place of Publication Blacksburg, VA (USA) Editor Amanda Hughes; Fiona McNeill; Christopher W. Zobel
Language English Summary Language English Original Title
Series Editor Series Title Abbreviated Series Title
Series Volume Series Issue Edition
ISSN 978-1-949373-27-59 ISBN 2411-3445 Medium
Track Resilience in Critical Infrastructures Expedition Conference 17th International Conference on Information Systems for Crisis Response and Management
Notes a.staves@lancaster.ac.uk Approved no
Call Number Serial 2260
Share this record to Facebook
 

 
Author Jelle Groenendaal; Ira Helsloot; Christian Reuter
Title Towards More Insight into Cyber Incident Response Decision Making and its Implications for Cyber Crisis Management Type Conference Article
Year 2022 Publication ISCRAM 2022 Conference Proceedings – 19th International Conference on Information Systems for Crisis Response and Management Abbreviated Journal Iscram 2022
Volume Issue Pages 1025-1036
Keywords Cyber Incident Response; Cyber Crisis Management; Naturalistic Decision-making
Abstract Organizations affected by a cyber-attack usually rely on external Cyber Incident Response (CIR) consultants to conduct investigations and mitigate the impact. These CIR consultants need to make critical decisions that could have major impact on their clients. This preliminary investigation aims to get a better understanding of CIR decision -making and answers the following questions: (1.) To what extent do experienced CIR consultants use a Recognition-Primed Decision (RPD) Making strategy during their work? (2.) What are the implications for cyber crisis management as well as for training and decision -making? To answer these questions, we conducted a literature review and interviewed six experienced CIR consultants using the Critical Decision Method. Our analysis reveals that CIR consultants recognize situations based on past experiences and apply a course of action that has worked effectively in the past. This course of action is mainly aimed at collecting and evaluating more data. This finding differs from other operational domains, such as the military and fire department, where recognition is usually followed immediately by action. For cyber crisis management, this means that crisis management teams should decide to what extent and in what ways they want to mitigate the risk of responding belatedly to cyber events, which could potentially lead to unnecessary data theft and sustained business disruption. Another implication is that crisis management teams should consider whether additional forensic investigations outweigh the expected benefits throughout the response process. For instance, if the likely entry-point of the attacker has been discovered, how much effort should be devoted to exclude other potential entry-points. Reflecting on the status-quo, several implications for training and decision making are provided.
Address Crisislab, The Netherlands; Science and Technology for Peace and Security (PEASEC), TU Darmstadt
Corporate Author Thesis
Publisher Place of Publication Tarbes, France Editor Rob Grace; Hossein Baharmand
Language English Summary Language Original Title
Series Editor Series Title Abbreviated Series Title
Series Volume Series Issue Edition
ISSN 2411-3387 ISBN 978-82-8427-099-9 Medium
Track Open Track Expedition Conference
Notes Approved no
Call Number ISCRAM @ idladmin @ Serial 2468
Share this record to Facebook