Incident response teams - Challenges in supporting the organisational security function

Computers and Security

Volumn 31, Issue 5, 2012, Pages 643-652

  Ahmad, Atif ^a   Hadgkiss, Justin ^a   Ruighaver, A B ^b  

^a UNIVERSITY OF MELBOURNE   (Australia)

^b DEAKIN UNIVERSITY   (Australia)

Author keywords

Incident response; Information security; Organizational processes; Security learning; Security management; Security models

Indexed keywords

COST EFFECTIVENESS; SECURITY OF DATA;

INCIDENT RESPONSE; ORGANIZATIONAL PROCESS; SECURITY LEARNING; SECURITY MANAGEMENT; SECURITY MODEL;

RISK ASSESSMENT;

EID: 84862303039     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2012.04.001     Document Type: Article

References (40)

1. A. Ahmad, A.B. Ruighaver, and W.T. Teo An information-centric approach to data security in organizations Proceedings of Tencon 2005: IEEE Region 10, Melbourne, Australia 2005
2. C. Alberts, and A. Dorofee Managing information security risks 2004 Mellon Software Engineering Institute Pittsburgh, PA
3. C. Argyris, and D. Schon Organisational learning: a theory of action perspective 1978 Addison-Wesley
4. I. Benbasat, D.K. Goldstein, and M. Mead The case research strategy in studies of information systems MIS Quarterly 11 3 1987 369 386
5. P.G. Bishop, C. Johnson, W. Black, V. Hamilton, and K. Koorneef Learning from incidents involving E/E/PE systems: part 1 - review of methods and industry practice 2003 Adelard http://www.hse.gov.uk/research/rrpdf/rr179.pdf
6. P.G. Bishop, C. Johnson, and W. Black Learning from incidents involving E/E/PE systems: part 2 - recommended scheme 2003 Adelard http://www.hse.gov.uk/ research/rrpdf/rr181.pdf
7. D.L. Cooke Learning from incidents 2003 http://www.albany.edu/cpr/sds/ conf2003/proceed/PAPERS/201.pdf
8. D.L. Cooke, M. Dubetz, R. Heshmati, S. Iftody, E. McKimmon, and J. Powers A reference guide for learning from incidents in radiation treatment 2006 www.ihe.ca/documents/HTA-FR22.pdf
9. P. Darke, G. Shanks, and M. Broadbent Successfully completing case study research: combining rigour, relevance and pragmatism Information Systems Journal 8 1998 273 289
10. G. Dhillon, and J. Backhouse Current directions in IS security research: towards soci-organizational perspectives Information Systems Journal 11 2 2001 127 153
11. N. Dixon The organisational learning cycle: how we can learn collectively 2nd ed. 1999 Gower Hampshire
12. V. Jaikumar Organizations should build an incident response team ComputerWorld Canada 9 16 2002
13. G. Killcrece, P. Kossaowski, R. Ruefle, and M. Zajicek State of the practice of computer security incident response teams (CSIRTs) 2003 http://www.sei.cmu.edu/publications/documents/03.reports/03tr001.html
14. G. Killcrece, P. Kossaowski, R. Ruefle, and M. Zajicek Organizational models for computer security incident response teams (CSIRTs) 2003 http://www.cert.org/archive/pdf/03hb001.pdf
15. G. Killcrece, R. Ruefle, and M. Zajicek Creating and managing computer security incident response teams (CSIRTs) 2004 http://www.first.org/conference/ 2004/papers/t1-01.pdf
16. D.H. Kim The link between individual and organizational learning Sloan Management Review 35 1993 37 50
17. K.-P. Kossakowski, J. Allen, C. Alberts, C. Cohen, G. Ford, and B. Fraser Responding to intrusions 1999 http://www.potaroo.net/t4/docs/sim006.pdf
18. Y. Malhotra Organizational learning and learning organizations: an overview 1996 http://www.brint.com/papers/orglrng.htm
19. R.J. Meijer, and R. Tucker State-full risk assessment & automated security incident policy environment, version 0.3.1 ISECOM, 2003. Unknown: ISECOM 2003 http://isecom.securenetltd.com/sipes-goal-0.3.1.pdf
20. C.A. Melara System dynamics model of an insider attack on an information system 2003 http://www.albany.edu/cpr/sds/conf2003/proceed/PAPERS/294.pdf
21. S. Mitropolous, D. Patsos, and C. Douligeris On incident handling and response: a state-of-the-art approach Computers and Security 25 2006 351 370 (Pubitemid 44160526)
22. National Institute of Standards and Technology NIST special publication 800-61, computer security and incident handling guide Revision 1 2008 http://csrc.nist.gov/publications/
23. W.L. Neuman Social research methods - Qualitative and quantitative approaches 6th ed. 2006 Pearson Education, Inc Boston MA
24. C.J. Novak Investigative response: after the breach Computers and Security 26 2 2007 183 185 (Pubitemid 46415620)
25. SANS Institute. Computer security incident handling step by step. Available from: http://www.sans.org; n.d.
26. G. Shanks, A. Rouse, and D. Arnott A review of approaches in research and scholarship in information systems Proceedings of the 4th Australian Conference on Information Systems 1993 29 44 Brisbane
27. P. Shedden, A.B. Ruighaver, and A. Ahmad Risk management standards - the perception of ease of use Journal of Information Systems Security 6 3 2010
28. M. Siponen Analysis of modern IS security development approaches: towards the next generation of social and adaptable ISS methods Information and Organization 15 2005
29. D. Smith Forming an incident response team Proceedings of the FIRST Annual Conference July 1994 University of Queensland Brisbane, Australia
30. P. Stephenson Conducting incident post mortems Computer Fraud and Security 4 3 2003 16 19 Elsevier (Pubitemid 36442642)
31. T. Tan, A.B. Ruighaver, and A. Ahmad Incident handling: where the need for planning is often not recognised Proceedings of the 1st Australian Computer Network, Information & Forensics Conference 2003 Perth, Nov 24
32. J. Van Niekerk, and R. von Solms Organisational learning models for information security 2004 http://icsa.cs.up.ac.za/issa/2004/Proceedings/Full/ 043.pdf
33. K. Van Wyk, and R. Forno Incident response 2001 O'Reilly NY
34. G. Walsham Interpretive case studies in IS research: nature and method European Journal of Information Systems 4 1995 74 81
35. M.J. West-Brown Handbook of Computer Security Incident Response Teams (CSIRTs) 2nd ed. 2003 http://www.cert.org/archive/pdf/csirt-handbook.pdf
36. R. Werlinger Preparation, detection, and analysis: the diagnostic work of IT security incident response Information Management and Computer Security 18 1 2010 26 42
37. M.E. Whitman, and H.J. Mattord Principles of information security 2005 Thomson Course Technology
38. J. Wiik, J.J. Gonzales, and K.-P. Kossakowski Limits to effectiveness in computer security incident response teams Proceedings of the Twenty Third International Conference of the System Dynamics Society 2005 The System Dynamics Society Boston, MA
39. R. Yin Case study research 3rd ed. 2003 Sage Publications Thousand Oaks
40. H. Zafar, and J. Clark Current state of information security research in IS Communications of the Association for Information Systems 24 2009 Article 34