The methodology for managing the abuse of it systems

Information Security Journal

Volumn 18, Issue 3, 2009, Pages 107-115

  Ryba, Miroslaw ^a   Poniewierski, Aleksander ^a   Sulwinski, Józef ^a   Górnisiewicz, Mateusz ^a  

^a Accounting Firm Ernst and Young   (Russian Federation)

Author keywords

CERT ; Incident handling; ISO; NIST; SANS; Security breach

Indexed keywords

EID: 84880971318     PISSN: 19393555     EISSN: 19393547     Source Type: Journal    
DOI: 10.1080/19393550902791457     Document Type: Article

References (7)

1. Department of the Navy. (1996, August). Computer Incident Response Guidebook, Module 19 – Information Systems Security (Infosec) Program Guidelines, NAVSO P-5239-19 Charleston, SC: Noval Command, Control and Ocean Surveillance Center In–Service Engineering East Coast Division.
2. Killcrece, G., Kossakowski, K.P., Ruefle, R., and Zajicek, M. (2003, December). Organizational models for computer security incident response teams (CSIRTs) Pittsburgh, PA: Carnegie Mellon University Software Engineering Institute.
3. National Institute of Standards and Technology. (2004, January). Special Publication 800-61, Computer Security Incident Handling Guide – Recommendations of the National Institute of Standards and Technology. Gaithersburg, MD: NIST.
4. Rezmierski, V., Carroll, A., and Hine, J. (2000). Incident cost analysis and modeling project. Ann Arbor, MI: The University of Michigan.
5. Ryba, M. (2004). Oparta na koncepcji rywalizacji metoda analizy ryzyka system informatycznych. Computer Science, UWND AGH. 2004, Vol. 6, pp. 37-48.
6. Ryba, M. and Sulwinski, J. (2005). A systematic approach to the process of detecting and reacting to IT systems abuse. IV Miedzynarodowy Kongres Audytu, Kontroli Wewnetrznej i Procedur Wykrywania oraz Zapobiegania Oszustwom Gospodarczym – conference papers, Kraków, June 16-17.
7. The SANS Institute. (1998, May). Computer Security Incident Handling Step by Step, Version 1.5.