Gary Eifried. (2005). A model describing a response to a terrorism incident. In B. C. B. Van de Walle (Ed.), Proceedings of ISCRAM 2005 – 2nd International Conference on Information Systems for Crisis Response and Management (pp. 125–127). Brussels: Royal Flemish Academy of Belgium.
Abstract: Understanding how the response to an incident of terrorism involving a Weapons of Mass Destruction (WMD) transpires is essential to understanding the necessary flow of information within that response. A model describing incident response functions overlaid on a realistic timeline is presented.
Stephen C. Fortier. (2013). Developing an incident response process model for chemical facilities. In J. Geldermann and T. Müller S. Fortier F. F. T. Comes (Ed.), ISCRAM 2013 Conference Proceedings – 10th International Conference on Information Systems for Crisis Response and Management (pp. 941–950). KIT; Baden-Baden: Karlsruher Institut für Technologie.
Abstract: This research project investigated the incident response mechanism used by the chemical industry for handling extremely hazardous chemicals. The mechanism was described as the policies, procedures, practices, tools, and methods used to conduct incident response. The results from the study determined what technologies, specifically software and information systems, could be utilized to improve the chemical facility incident response mechanism. The chemical industry is responsible for process safety management at all of its facilities, especially those that have off-site consequences in the event of an unplanned release. The processes and procedures of local, regional and national emergency responders have been studied thoroughly. An area of research that is lacking is the study of incident response policies and procedures within the boundaries of a chemical site. Results of the analysis determined that the chemical industry, in general, does not take advantage of available information technology when responding to unplanned releases.
Harrasi, A. A., Grispos, G., & Gandhi, R. (2023). Using Cybersecurity Testbeds to Evaluate (In)Secure Structural Health Monitoring Systems. In Jaziar Radianti, Ioannis Dokas, Nicolas Lalone, & Deepak Khazanchi (Eds.), Proceedings of the 20th International ISCRAM Conference (pp. 902–908). Omaha, USA: University of Nebraska at Omaha.
Abstract: An increasing amount of technology is being integrated into bridges and other structures, such as dams and buildings, to proactively look for signs of deterioration or damage. These technologies are collectively known as structural health monitoring systems. While the benefits of integrating this technology are attractive, this integration is also creating an environment that is conducive to security vulnerabilities. While previous research has focused on the broader cybersecurity challenges associated with structural health monitoring systems, limited guidance is available for identifying specific security vulnerabilities in these systems and their implications for responding to security incidents. Hence, this paper presents CYBRBridge, a cybersecurity testbed that provides a sacrificial environment to assist in identifying and exploring vulnerabilities associated with structural health monitoring systems. This paper reports ongoing research efforts to develop the CYBRBridge testbed and initial results identifying vulnerabilities within the wireless components of a commercial structural health monitoring system.
Jelle Groenendaal, Ira Helsloot, & Christian Reuter. (2022). Towards More Insight into Cyber Incident Response Decision Making and its Implications for Cyber Crisis Management. In Rob Grace, & Hossein Baharmand (Eds.), ISCRAM 2022 Conference Proceedings – 19th International Conference on Information Systems for Crisis Response and Management (pp. 1025–1036). Tarbes, France.
Abstract: Organizations affected by a cyber-attack usually rely on external Cyber Incident Response (CIR) consultants to conduct investigations and mitigate the impact. These CIR consultants need to make critical decisions that could have major impact on their clients. This preliminary investigation aims to get a better understanding of CIR decision-making and answers the following questions: (1.) To what extent do experienced CIR consultants use a Recognition-Primed Decision (RPD) Making strategy during their work? (2.) What are the implications for cyber crisis management as well as for training and decision-making? To answer these questions, we conducted a literature review and interviewed six experienced CIR consultants using the Critical Decision Method. Our analysis reveals that CIR consultants recognize situations based on past experiences and apply a course of action that has worked effectively in the past. This course of action is mainly aimed at collecting and evaluating more data. This finding differs from other operational domains, such as the military and fire department, where recognition is usually followed immediately by action. For cyber crisis management, this means that crisis management teams should decide to what extent and in what ways they want to mitigate the risk of responding belatedly to cyber events, which could potentially lead to unnecessary data theft and sustained business disruption. Another implication is that crisis management teams should consider whether additional forensic investigations outweigh the expected benefits throughout the response process. For instance, if the likely entry-point of the attacker has been discovered, how much effort should be devoted to exclude other potential entry-points? Reflecting on the status-quo, several implications for training and decision making are provided.
Kouji Kishi, Naoko Kosaka, Tsuneko Kura, & Tomohiro Kokogawa. (2017). Study on Integrated Risk-Management Support System Application to Emergency Management for Cyber Incidents. In eds Aurélie Montarnal Matthieu Lauras Chihab Hanachi F. B. Tina Comes (Ed.), Proceedings of the 14th International Conference on Information Systems for Crisis Response And Management (pp. 432–444). Albi, France: Iscram.
Abstract: We have been studying the standardization of an emergency-management support system mainly for natural disasters at the local-government level. The system provides information from three viewpoints, “Plan: What should we do?”, “Do: What are we doing?”, and “See: What kind of situations are we in?” to support decision making at an emergency operations center. Rapid and accurate judgment prevents the occurrence of new damage and the expansion of damage, and as a result resilience will increase. We investigated its applicability to emergency management for cyber incidents through a cyber-defense exercise.
Manne Messemaker, Jeroen Wolbers, Willem Treurniet, & Kees Boersma. (2013). Shaping societal impact: Between control and cooperation. In J. Geldermann and T. Müller S. Fortier F. F. T. Comes (Ed.), ISCRAM 2013 Conference Proceedings – 10th International Conference on Information Systems for Crisis Response and Management (pp. 901–905). KIT; Baden-Baden: Karlsruher Institut für Technologie.
Abstract: In our modern society, the impact of large-scale safety and security incidents can be large and diverse. Yet, this societal impact is makeable and controllable to a limited extent. At best, the effect of concrete response actions is that the direct damage is somewhat reduced and that the recovery is accelerated. Proper crisis communication can make the biggest difference with respect to overall societal impact. We argue that crisis communication must strike a balance between a directive approach of chaos, command and control and a more empathic approach of continuity, coordination and cooperation. On the basis of a concrete case we analyze how crisis communication reflects the incident response approach and how societal impact is affected.