Author Alexander Staves; Harry Balderstone; Benjamin Green; Antonios Gouglidis; David Hutchison
  Title A Framework to Support ICS Cyber Incident Response and Recovery Type Conference Article
  Year 2020 Publication ISCRAM 2020 Conference Proceedings – 17th International Conference on Information Systems for Crisis Response and Management Abbreviated Journal Iscram 2020  
  Volume Issue Pages 638-651  
  Keywords ICS; CNI; Cyber Incident; Guidance; Response and Recovery  
  Abstract During the past decade there has been a steady increase in cyber attacks targeting Critical National Infrastructure. In order to better protect against an ever-expanding threat landscape, governments, standards bodies, and a plethora of industry experts have produced relevant guidance for operators in response to incidents. However, in a context where safety, reliability, and availability are key, combined with the industrial nature of operational systems, advice on the right practice remains a challenge. This is further compounded by the volume of available guidance, raising questions on where operators should start, which guidance set should be followed, and how confidence in the adopted approach can be established. In this paper, an analysis of existing guidance with a focus on cyber incident response and recovery is provided. From this, a work in progress framework is posited, to better support operators in the development of response and recovery operations.  
  Address Lancaster University, UK; Lancaster University, UK; Lancaster University, UK; Lancaster University, UK; Lancaster University, UK  
  Corporate Author Thesis  
  Publisher Virginia Tech Place of Publication Blacksburg, VA (USA) Editor Amanda Hughes; Fiona McNeill; Christopher W. Zobel  
  Language English Summary Language English Original Title  
  Series Editor Series Title Abbreviated Series Title  
  Series Volume Series Issue Edition  
  ISSN 978-1-949373-27-59 ISBN 2411-3445 Medium  
  Track Resilience in Critical Infrastructures Expedition Conference 17th International Conference on Information Systems for Crisis Response and Management  
  Notes a.staves@lancaster.ac.uk Approved no  
  Call Number Serial 2260  
 

 
Author Jelle Groenendaal; Ira Helsloot; Christian Reuter
  Title Towards More Insight into Cyber Incident Response Decision Making and its Implications for Cyber Crisis Management Type Conference Article
  Year 2022 Publication ISCRAM 2022 Conference Proceedings – 19th International Conference on Information Systems for Crisis Response and Management Abbreviated Journal Iscram 2022  
  Volume Issue Pages 1025-1036  
  Keywords Cyber Incident Response; Cyber Crisis Management; Naturalistic Decision-making  
  Abstract Organizations affected by a cyber-attack usually rely on external Cyber Incident Response (CIR) consultants to conduct investigations and mitigate the impact. These CIR consultants need to make critical decisions that could have major impact on their clients. This preliminary investigation aims to get a better understanding of CIR decision-making and answers the following questions: (1.) To what extent do experienced CIR consultants use a Recognition-Primed Decision (RPD) Making strategy during their work? (2.) What are the implications for cyber crisis management as well as for training and decision-making? To answer these questions, we conducted a literature review and interviewed six experienced CIR consultants using the Critical Decision Method. Our analysis reveals that CIR consultants recognize situations based on past experiences and apply a course of action that has worked effectively in the past. This course of action is mainly aimed at collecting and evaluating more data. This finding differs from other operational domains, such as the military and fire department, where recognition is usually followed immediately by action. For cyber crisis management, this means that crisis management teams should decide to what extent and in what ways they want to mitigate the risk of responding belatedly to cyber events, which could potentially lead to unnecessary data theft and sustained business disruption. Another implication is that crisis management teams should consider whether additional forensic investigations outweigh the expected benefits throughout the response process. For instance, if the likely entry-point of the attacker has been discovered, how much effort should be devoted to exclude other potential entry-points. Reflecting on the status-quo, several implications for training and decision making are provided.  
  Address Crisislab, The Netherlands; Science and Technology for Peace and Security (PEASEC), TU Darmstadt  
  Corporate Author Thesis  
  Publisher Place of Publication Tarbes, France Editor Rob Grace; Hossein Baharmand  
  Language English Summary Language Original Title  
  Series Editor Series Title Abbreviated Series Title  
  Series Volume Series Issue Edition  
  ISSN 2411-3387 ISBN 978-82-8427-099-9 Medium  
  Track Open Track Expedition Conference  
  Notes Approved no  
  Call Number ISCRAM @ idladmin @ Serial 2468  