A survey of information security incident handling in the cloud

Computers and Security

Volumn 49, Issue , 2015, Pages 45-69

  Ab Rahman, Nurul Hidayah ^a,b   Choo, Kim Kwang Raymond ^a  

^a UNIVERSITY OF SOUTH AUSTRALIA   (Australia)

^b UNIVERSITI TUN HUSSEIN ONN MALAYSIA   (Malaysia)

Author keywords

Capability Maturity Model For Services (CMMI SVC); Cloud computing; Cloud response; Incident handling; Incident management; Incident response

Indexed keywords

CLOUD COMPUTING; COMPUTER CRIME; DIGITAL LIBRARIES; ELECTRONIC CRIME COUNTERMEASURES; SECURITY OF DATA; SOFTWARE ENGINEERING; SURVEYS;

CAPABILITY MATURITY MODELS; CLOUD ENVIRONMENTS; ENGLISH LANGUAGES; INCIDENT HANDLING; INCIDENT MANAGEMENT; INCIDENT RESPONSE; INFORMATION SECURITY INCIDENTS; NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY;

COMPUTER FORENSICS;

EID: 84916918767     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2014.11.006     Document Type: Review

References (214)

1. M. Abadi, H. Abelson, A. Acquisti, B. Barak, M. Bellare, and S. Bellovin Open letter from US researchers in cryptography and information security 2014 [viewed 18.06.14]
2. M. Afzaal, C. Di Sarno, L. Coppolino, S. DAntonio, and L. Romano A resilient architecture for forensic storage of events in critical infrastructures 2012 IEEE 14th international symposium on high-assurance systems engineering 2012 48 55
3. A. Agarwal, M. Gupta, S. Gupta, and S.C. Gupta Systematic digital forensic investigation model Int J Comput Sci Secur IJCSS 5 1 2011 118 167
4. A. Ahmad, J. Hadgkiss, and A.B. Ruighaver Incident response teams - challenges in supporting the organisational security function Comput Secur 31 5 2012 643 652
5. N. Al Mutawa, I. Baggili, and A. Marrington Forensic analysis of social networking applications on mobile devices Digit Investig 9 2012 2012 24 33
6. M. Alazab, S. Venkatraman, and P. Watters Effective digital forensic analysis of the NTFS disk image Ubiquitous Comput Commun J 4 3 2009 551 558
7. S.H. Albakri, B. Shanmugam, G.N. Samy, N.B. Idris, and A. Ahmed Security risk assessment framework for cloud computing environments Secur Commun Netw 7 11 2014 2114 2124
8. C. Alberts, A. Dorofee, G. Killcrece, R. Ruefle, and M. Zajicek Defining incident management processes for CSIRTs: a work in progress 2004 Pittsburgh
9. A. Aleem, and C.R. Sprott Let me in the cloud: analysis of the benefit and risk assessment of cloud platform J Financ Crime 20 1 2013 6 24
10. Amazon Web Services Penetration testing 2014 [viewed 03.05.14]
11. Amazon Web Services Vulnerability reporting 2014 [viewed 03.05.14]
12. P. Antonio, and L. Labuschangne A conceptual model for digital forensic readiness 2012 Information security for South Africa (ISSA) 2012 1 8
13. N.B. Anuar, S. Furnell, M. Papadaki, and N. Clarke A risk index model for security incident prioritisation Australian information security management conference 2011 24 39
14. N.B. Anuar, M. Papadaki, S. Furnell, and N. Clarke A response selection model for intrusion response systems: response strategy model (RSM) Secur Commun Netw 7 11 November 2014 1831 1848
15. S. Ardi, and N. Shahmehri A post-mortem incident modeling method 2009 International conference on availability, reliability and security 2009 1018 1023
16. A. Ariffin, K.R. Choo, and J. Slay Digital camcorder forensics Proceedings of the eleventh Australasian information security conference 2013 39 47
17. A. Ariffin, C. Dorazio, K.-K.R. Choo, and J. Slay iOS forensics: how can we recover deleted image files with timestamp in a forensically sound manner? 2013 International conference on availability, reliability and security 2013 375 382
18. A. Ariffin, J. Slay, and K. Choo Data recovery from proprietary-formatted CCTV hard disks Advances in digital forensics IX 2013 Springer Berlin Heidelberg 213 223
19. BAE Systems Detica botCloud - an emerging platform for cyber-attacks 2012 [viewed 18.06.14]
20. J. Bang, C. Lee, S. Lee, and K. Lee Damaged backup data recovery method for Windows mobile J Supercomput 66 2 2013 875 887
21. D. Barske, A. Stander, and J. Jordaan A digital forensic readiness framework for South African SMEs 2010 Information security for South Africa 2010 1 6
22. M.N. Bashir, J.P. Kesan, C.M. Hayes, and R. Zielinski Privacy in the cloud: going beyond the contractarian paradigm Proceedings of the 2011 workshop on governance of technology, information, and policies 2011 21 27
23. R. Baskerville, P. Spagnoletti, and J. Kim Incident-centered information security: managing a strategic balance between prevention and response Inf Manag 51 1 2014 138 151
24. A. Bendiek European cyber security policy SWP research paper 13 2012 German Institute for International and Security Affairs Berlin
25. D.S. Bhilare, A.K. Ramani, and S. Tanwani An architecture for a distributed collaborative inter university incident handling mechanism Int J Comput Internet Secur 2 1 2010 29 39
26. R. Bojanc A quantitative model for information-security risk management Eng Manag J 25 2 2013 25 37
27. British Standards Institution BIP 0107:2008 foundations of IT service management based on Itil V3, UK 2007
28. A. Butler, and K. Choo IT standards and guides do not adequately prepare IT practitioners to appear as expert witnesses: an Australian perspective Secur J 2013 1 20
29. A.A. Cárdenas, S. Amin, and Z. Lin Attacks against process control systems: risk assessment, detection, and response Proceedings of the 6th ACM symposium on information, computer and communications security 2011 355 366
30. B. Caskurlu, A. Gehani, C.C. Bilgin, and K. Subramani Analytical models for risk-based intrusion response Comput Netw 57 10 2013 2181 2192
31. H. Chivers, J.A. Clark, and P.-C. Cheng Risk profiles and distributed risk assessment Comput Secur 28 7 2009 521 535
32. K.-K.R. Choo The cyber threat landscape: challenges and future research directions Comput Secur 30 8 2011 719 731
33. K.-K.R. Choo A cloud security risk-management strategy IEEE Cloud Comput 1 2 2014 52 56
34. K.-K.R. Choo A conceptual interdisciplinary plug-and-play cyber security framework H. Kaur, X. Tao, ICTs and the millennium development goals - a United Nations perspective 2014 Springer New York, USA 81 99
35. K.-K.R. Choo Legal issues in the cloud IEEE Cloud Comput Mag 2014 94 96
36. H. Chung, J. Park, S. Lee, and C. Kang Digital forensic investigation of cloud storage services Digit Investig 9 2 2012 81 95
37. P. Cichonski, and K. Scarfone Computer security incident handling guide recommendations of the National Institute of Standards and Technology (NIST) 2012 NIST Gaithersburg
38. R.A. Clarke, M.J. Morell, G.R. Stone, C.R. Sunstein, and P. Swire Liberty and security in a changing world: report and recommendations of the Presidents Review Group on Intelligence and Communications Technologies 2013 Group on Intelligence and Communication Washington, D.C.
39. Cloud Security Alliance Security guidance for critical areas of focus in cloud computing 2011 CSA [viewed 01.08.14]
40. ® for services Version 1.3 2010 CMU/SEI Pittsburgh
41. F. Cohen Toward a science of digital forensic evidence examination Advances in digital forensics VI 2009 Springer Berlin Heidelberg 17 35
42. A. Connell, and T. Waits The CERT assessment tool: increasing a security incident responders ability to assess risk 2013 IEEE international conference on technologies for homeland security (HST) 2013 236 240
43. A. Connell, T. Palko, and H. Yasar Cerebro: a platform for collaborative incident response and investigation 2013 IEEE international conference on technologies for homeland security (HST) 2013 241 245
44. B. Cusack, and A.K. Kyaw Forensic readiness for wireless medical systems Australian digital forensics conference 2012 21 32
45. J.J. Cusick, and G. Ma Creating an ITIL inspired incident management approach: roots, response, and results 2010 IEEE/IFIP network operations and management symposium workshops 2010 142 148
46. R. Daley, T. Millar, and M. Osorno Operationalizing the coordinated incident handling model Technologies for homeland security (HST), 2011 IEEE international conference on 2011 287 294
47. M. Dekker, D. Liveri, and M. Lakka Cloud security incident reporting framework for reporting about major cloud security incidents 2013 ENISA Athens
48. X. Ding, D.C. Road, and M.H. District Time based data forensic and cross-reference analysis Proceedings of the 2011 ACM symposium on applied computing 2011 185 190
49. J. Dykstra, and A.T. Sherman Acquiring forensic evidence from infrastructure-as-a-service cloud computing: exploring and evaluating tools, trust, and techniques Digit Investig 9 2012 90 98
50. C. D'Orazio, A. Ariffin, and K.R. Choo iOS anti forensics: how can we securely conceal, delete and insert data? 47th Hawaii international conference on system sciences 2014 4838 4847
51. M. Elyas, S.B. Maynard, A. Ahmad, and A. Lonie Towards a systematic framework for digital forensic readiness J Comput Inf Syst 54 3 2014 97 106
52. European Network and Information Security Agency (ENISA) Good practice guide for incident management 2010 ENISA Athens
53. European Network and Information Security Agency (ENISA) National cyber security strategies 2012 ENISA Athens
54. J. Farina, M. Scanlon, and M.-T. Kechadi BitTorrent Sync: first impressions and digital forensic implications Digit Investig 11 2014 2014 77 86
55. Federal Office for Information Security Security recommendations for cloud computing providers 2011 [viewed 21.10.14]
56. B.A. Fessi, S. Benabdallah, N. Boudriga, and M. Hamdi A multi-attribute decision model for intrusion response system Inf Sci 270 2014 2014 237 254
57. F.C. Freiling, and B. Schwittay A common process model for incident response and computer forensics Proceedings of the 2007 IT incident management & IT forensics (IMF 2007) vol. 7 2007 19 40
58. C. Frühwirth, and T. Männistö Improving CVSS-based vulnerability prioritization and response with context information 3rd International symposium on empirical software engineering and measurement 2009 535 544
59. S. Garfinkel, A.J. Nelson, and J. Young A general strategy for differential forensic analysis Digit Investig 9 2012 2012 50 59
60. B. Grobauer, and T. Schreck Towards incident handling in the cloud Proceedings of the 2010 ACM workshop on cloud computing security workshop (CCSW 10) 2010 77 85
61. M. Grobler, and H. Bryk Common challenges faced during the establishment of a CSIRT 2010 Information security for South Africa 2010 1 6
62. C.P. Grobler, C.P. Louwrens, and S.H. von Solms A framework to guide the implementation of proactive digital forensics in organisations 2010 International conference on availability, reliability and security 2010 677 682
63. J. Grover Android forensics: automated data collection and reporting from a mobile device Digit Investig 10 2013 2013 12 20
64. W. Guo, and Y. Wang An incident management model for SaaS application in the IT organization 2009 International conference on research challenges in computer science 2009 137 140
65. C. Gurkok Cyber forensics and incident response Computer and information security handbook 2nd ed. 2013 Elsevier Inc. 601 622
66. R. Hadjidj, M. Debbabi, H. Lounis, F. Iqbal, A. Szporer, and D. Benredjem Towards an integrated e-mail forensic analysis framework Digit Investig 5 3-4 2009 124 137
67. W. He, X. Yuan, L. Yang, and C. Science Supporting case-based learning in information security with web-based technology J Inf Syst Educ 24 1 2013 31 41
68. Y. He, C. Johnson, K. Renaud, Y. Lu, and S. Jebrieli An empirical study on the use of the generic security template for structuring the lessons from information security incidents 2014 6th International conference on CSIT 2014 178 188
69. A. Herrmann, A. Morali, S. Etalle, and R. Wieringa RiskREP: risk-based security requirements elicitation and prioritization 2011 Centre for Telematics and Information Technology (University of Twente) Enschede 1 8
70. C. Hooper, B. Martini, and K.-K.R. Choo Cloud computing and its implications for cybercrime investigations Aust Comput Law Secur Rev 29 2 2013 152 163
71. C. Hove, and T. Marte Information security incident management: an empirical study of current practice 2013 Norwegian University of Science and Technology
72. C. Hove, T. Marte, M.B. Line, and K. Bernsmed Information security incident management: identified practice in large organizations 2014 Eighth international conference on IT security incident management & IT forensics 2014 27 46
73. C.T. Hsu, G.H. Luo, and S.M. Yuan Personalized cloud storage system: a combination of LDAP distributed file system Genetic and evolutionary computing 2014 Springer International Publishing 399 408
74. M.I. Husain, and R. Sridhar iForensics: forensic analysis of instant messaging on smart phones Digital forensics and cyber crime 2010 Springer Berlin Heidelberg 9 18
75. B. Inglot, and L. Liu Enhanced timeline analysis for digital forensic investigations Inf Secur J A Glob Perspect 2014 1 13
76. International Standard for Organisation ISO/IEC 27035:2011 information technology - security techniques - information security incident management 2011 Geneva
77. D. Irwin, and J. Slay Extracting evidence related to VoIP calls Advances in digital forensics VII 2011 Springer Berlin Heidelberg 221 228
78. S. Ismail, A. Ahmad, M. Afizi, and M. Shukran New method of forensic computing in a small organization Aust J Basic Appl Sci 5 9 2011 2019 2025
79. W. Jansen, and T. Grance Guidelines on security and privacy in public cloud computing 2011 NIST Gaithersburg
80. L.R. Johnson The stages of incident response, computer incident response and forensics team management 2014 21 35
81. J. Jung, C. Jeong, K. Byun, and S. Lee Sensitive privacy data acquisition in the iPhone for digital forensic analysis Secure and trust computing, data management and applications 2011 Springer Berlin Heidelberg 172 186
82. F.P. Junqueira, B.C. Reed, and M. Serafini Zab: high-performance broadcast for primary-backup systems 2011 IEEE/IFIP 41st international conference on dependable systems & networks (DSN) 2011 245 256
83. M. Kaart, and S. Laraghy Android forensics: interpretation of timestamps Digit Investig 2014 1 15
84. P. Kácha Adapting the ticket request system to the needs of CSIRT teams WSEAS Trans Comput 8 9 2009 1440 1450
85. W. Kearney, and H. Kruger Effective corporate governance: combining an ICT security incident and organisational learning The 2nd international conference on cyber security, cyber peacefare and digital forensic (CyberSec 2013) 2013 12 21
86. N. Kheir, and N. Cuppens-Boulahia A service dependency model for cost-sensitive intrusion response Computer security-ESORICS 2010 2010 Springer Berlin Heidelberg 626 642
87. N. Kheir, H. Debar, C.N. Boulahia, F. Cuppens, and J. Viinikka Cost evaluation for intrusion response using dependency graphs Network and service security, 2009, N2S09. International conference on 2009 1 6
88. T. Khorshed, A.B.M.S. Ali, and S.A. Wasimi A survey on gaps, threat remediation challenges and some thoughts for proactive attack detection in cloud computing Future Gener Comput Syst 28 6 2012 833 851
89. H. Khurana, J. Basney, M. Bakht, M. Freemon, V. Welch, and R. Butler Palantir: a framework for collaborative incident response and investigation Proceedings of the 8th symposium on identity and trust on the internet 2009 38 51
90. G. Killcrece State of the practice of computer security incident response teams (CSIRTs) 2003 CMU/SEI Pittsburgh
91. G. Killcrece, K.-P. Kossakowski, R. Ruefle, and M. Zajicek Organizational models for computer security incident response teams (CSIRTs) 2003 CMU/SEI Pittsburgh
92. S.-H. Kim, S.-S. Choi, H.-S. Park, and J.-W. Choi Advanced bot response mechanism based on DNS sinkhole Inf Int Interdiscip J 14 7 2011 2499 2521
93. G. Klein, H. Rogge, F. Schneider, J. Toelle, M. Jahnke, and S. Karsch Response initiation in distributed intrusion response systems for tactical MANETs 2010 European conference on computer network defense 2010 55 62
94. M.D. Kohn, M.M. Eloff, and J.H.P. Eloff Integrated digital forensic process model Comput Secur 38 2013 2013 103 115
95. E. Koivunen Why wasn't I notified?: information security incident reporting demystified Information security technology for application 2012 Springer Berlin Heidelberg 55 70
96. A. Kostina, N. Miloslavskaya, and A. Tolstoy Information security incident management process Proceedings of the 2nd international conference on security of information and networks - SIN 2009 93
97. M. Kozlovszky, L. Kovacs, M. Torocsik, G. Windisch, S. Acs, and D. Prem Cloud security monitoring and vulnerability management IEEE 17th international conference on intelligent engineering systems 2013 265 269 No. 70
98. P. Kral Incident handler handbook 2011 SANS Institute
99. J. Krichene, and N. Boudriga Incident response probabilistic cognitive maps 2008 IEEE international symposium on parallel and distributed processing with applications 2008 689 694
100. O. Kulikova, R. Heil, J. van den Berg, and W. Pieters Cyber crisis management: a decision-support framework for disclosing security incident information 2012 International conference on cyber security 2012 103 112
101. A. Kundu, and S.K. Ghosh Game theoretic attack response framework for enterprise networks Distributed computing and internet technology 2014 Springer International Publishing 263 274
102. S. Kurowski, and S. Frings Computational documentation of IT incidents as support for forensic operations 2011 Sixth international conference on IT security incident management and IT forensics 2011 37 47
103. M. Landman Managing smart phone security risks 2010 Information security curriculum development conference on - InfoSecCD 2010 145
104. J. Lee, and D. Hong Pervasive forensic analysis based on mobile cloud computing 2011 Third international conference on multimedia information networking and security 2011 572 576
105. W. Lee, W. Fan, M. Miller, S. Stolfo, and E. Zadok Toward cost-sensitive modeling for intrusion detection and response J Comput Secur 10 2 2002 5 22
106. H. Li, X. Tian, W. Wei, and C. Sun A deep understanding of cloud computing security issues in cloud computing Network computing and information security 2012 Springer Berlin Heidelberg 98 105
107. M.B. Line A case study: preparing for the smart grids - identifying current practice for information security incident management in the power industry 2013 Seventh international conference on IT security incident management and IT forensics 2013 26 32
108. Y. Luo, F. Szidarovszky, Y. Al-Nashif, and S. Hariri A fictitious play-based response strategy for multistage intrusion defense systems Secur Commun Netw 2014 7 2014 473 491
109. W.M. Ma Study on architecture-oriented information security risk assessment model Computational collective intelligence: technologies and applications 2010 Springer Berlin Heidelberg 218 226
110. D.C. Marinescu Cloud infrastructure Cloud computing: theory and practice 1st ed. 2013 Elsevier Inc. 67 98
111. B. Martini, and K.-K.R. Choo An integrated conceptual digital forensic framework for cloud computing Digit Investig 9 2 2012 71 80
112. B. Martini, and K.-K.R. Choo Cloud storage forensics: ownCloud as a case study Digit Investig 10 4 2013 1 13
113. B. Martini, and K.R. Choo Distributed filesystem forensics: XtreemFS as a case study Digit Investig 11 4 2014 295 313 http://dx.doi.org/10.1016/j.diin.2014.08.002
114. R. McKemmish What is forensic computing? Trends Issue Crime Crim Justice 1999 118 1999 1 6
115. S. Mitropoulos, D. Patsos, and C. Douligeris On incident handling and response: a state-of-the-art approach Comput Secur 25 5 2006 351 370
116. C. Modi, D. Patel, and B. Borisaniya A survey on security issues and solutions at different layers of cloud computing J Supercomput 63 2 2013 561 592
117. A. Monfared, and M.G. Jaatun Handling compromised components in an IaaS cloud installation J Cloud Comput Adv Syst Appl 1 1 2012 1 21
118. S. Morrissey iOS forensic analysis for iPhone, iPad, and iPod touch 2010 APress
119. A. Moser, and M.I. Cohen Hunting in the enterprise: forensic triage and incident response Digit Investig 10 2 2013 89 98
120. C. Mu, and Y. Li An intrusion response decision-making model based on hierarchical task network planning Expert Syst Appl 37 3 2010 2465 2472
121. R. Murray, and M. Ruefle CSIRT requirements for situational awareness 2014 CMU/SEI Pittsburgh
122. MyCERT MyCERT incident statistics 2013 [viewed 02.04.014]
123. A. Mylonas, V. Meletiadis, B. Tsoumas, and L. Mitrou Smartphone forensics: a proactive investigation scheme for evidence acquisition, in information security and privacy research 2012 Springer Berlin Heidelberg 249 260
124. S. Ngobeni, H. Venter, and I. Burke A forensic readiness model for wireless networks Advances in digital forensic VII 2010 Springer Berlin Heidelberg 107 117
125. S. Ngobeni, H. Venter, and I. Burke The modelling of a digital forensic readiness approach for wireless local area networks J Univers Comput Sci 18 12 2012 1721 1740
126. B.J. Nikkel Fostering incident response and digital forensics research Digit Investig 11 4 December 2014 249 251 http://dx.doi.org/10.1016/j.diin.2014.09.004
127. M. Nowruzi, H.H. Jazi, M. Dehghan, M. Shahmoradi, S.H. Hashemi, and M. Babaeizadeh A comprehensive classification of incident handling information 6th International symposium on telecommunications (IST) 2012 1071 1075
128. C. Ntantogian, D. Apostolopoulos, G. Marinakis, and C. Xenakis Evaluating the privacy of Android mobile applications under forensic analysis Comput Secur 42 2014 2014 66 76
129. S. Omeleze, and H.S. Venter Testing the harmonised digital forensic investigation process model-using an Android mobile phone 2013 Information security for South Africa 2013 1 8
130. D. Ongaro, S.M. Rumble, R. Stutsman, J. Ousterhout, M. Rosenblum, and D.O.S. Organization Fast crash recovery in RAMCloud Proceedings of the 23rd ACM symposium on operating systems principles 2011 29 41
131. P. Owen, and P. Thomas An analysis of digital forensic examinations: mobile devices versus hard disk drives utilising ACPO & NIST guidelines Digit Investig 8 2 2011 135 140
132. G. Pangalos, C. Ilioudis, and I. Pagkalos The importance of corporate forensic readiness in the information security framework 2010 19th IEEE international workshops on enabling technologies: infrastructures for collaborative enterprises 2010 12 16
133. A. Patel, M. Taghavi, K. Bakhtiyari, and J. Celestino Júnior An intrusion detection and prevention system in cloud computing: a systematic review J Netw Comput Appl 36 1 2013 25 41
134. M.T. Pereira Forensic analysis of the Firefox 3 internet history and recovery of deleted SQLite records Digit Investig 5 3-4 2009 93 103
135. E.S. Pilli, R.C. Joshi, and R. Niyogi A generic framework for network forensics Int J Comput Appl 1 11 2010 1 6
136. L. Ping, Y. Haifeng, and M. Guoqing An incident response decision support system based on CBR and ontology 2010 International conference on computer application and system modeling (ICCASM 2010) 2010 V11 337
137. Parliament of the Commonwealth of Australia (PoA) Hackers, fraudsters and botnets: tackling the problem of cyber crime 2010 PoA Canberra
138. Ponemon Institute 2013 Cost of cyber crime study: United States 2013
139. N. Poolsappasit, R. Dewri, and I. Ray Dynamic security risk management using Bayesian attack graphs IEEE Trans Dependable Secure Comput 9 1 2012 61 74
140. T. Proctor The development of warning, advice and reporting points (WARPs) in UK national infrastructure Critical information infrastructure security 2013 Springer Berlin Heidelberg 164 174
141. D. Quick, and K.-K.R. Choo Digital droplets: Microsoft SkyDrive forensic data remnants Future Gener Comput Syst 29 6 2013 1378 1394
142. D. Quick, and K.-K.R. Choo Dropbox analysis: data remnants on user machines Digit Investig 10 1 2013 3 18
143. D. Quick, and K.-K.R. Choo Forensic collection of cloud storage data: does the act of collection result in changes to the data or its metadata? Digit Investig 10 3 2013 266 277
144. D. Quick, and K.-K.R. Choo Data reduction and data mining framework for digital forensic evidence: storage, intelligence, review and archive Trends Issues Crime Crim Justice 480 2014 1 11
145. D. Quick, and K.-K.R. Choo Google drive: forensic analysis of cloud storage data remnant J Netw Comput Appl 40 2014 2014 179 193
146. D. Quick, and K.-K.R. Choo Impacts of increasing volume of digital forensic data: a survey and future research challenges Digit Investig 11 4 December 2014 273 294 http://dx.doi.org/10.1016/j.diin.2014.09.002
147. D. Quick, B. Martini, and K.-K.R. Choo Cloud storage forensics 2014 Syngress
148. K. Reddy, and H. Venter A forensic framework for handling information Advances in digital forensics V 2009 Springer Berlin Heidelberg 143 155
149. C. Rong, S.T. Nguyen, and M.G. Jaatun Beyond lightning: a survey on security challenges in cloud computing Comput Electr Eng 39 1 2013 47 54
150. K. Ruan, J. Carthy, T. Kechadi, and M. Crosbie Cloud forensics Advances in digital forensic VII 2011 Springer Berlin Heidelberg 35 46
151. R. Ruefl, A. Dorofee, D. Mundie, A.D. Householder, M. Murray, and S.J. Perl Computer security incident response team development and evolution IEEE Secur Priv 12 5 2014 16 26
152. S.R. Sarkar, R. Mahindru, R.A. Hosn, N. Vogl, and H.V. Ramasamy Automated incident management for a platform-as-a-service cloud Proceedings of the 11th USENIX conference on hot topics in management of internet, cloud, and enterprise network and services 2011 5 11
153. N. Satoh, and H. Kumamoto Analysis of information security problem by probabilistic risk assessment Int J Comput 3 3 2009 337 347
154. A. Shameli-Sendi, and M. Dagenais ARITO: cyber-attack response system using accurate risk impact tolerance Int J Inf Secur 2013 2013 1 24
155. A. Shameli-Sendi, N. Ezzati-Jivan, M. Jabbarifar, and M. Dagenais Intrusion response systems: survey and taxonomy Int J Comput Sci Netw Secur 12 1 2012 1 14
156. A. Shameli-Sendi, M. Cheriet, and A. Hamou-Lhadj Taxonomy of intrusion risk assessment and response system Comput Secur 45 2014 1 16
157. P. Shedden, A. Ahmad, and A.B. Ruighaver Organisational learning and incident response: promoting effective learning through the incident response process Australian information security management conference 2010 131 142
158. P. Shedden, A. Ahmad, and A.B. Ruighaver Informal learning in security incident response teams Proceedings of 2011 Australasian conference on information system (ACIS) 2011 1 11
159. P. Shedden, R. Scheepers, W. Smith, and A. Ahmad Incorporating a knowledge perspective into security risk assessments VINE J Inf Knowl Manag Syst 41 2 2011 152 166
160. C. Shields, O. Frieder, and M. Maloof A system for the proactive, continuous, and efficient collection of digital forensic evidence Digit Investig 8 2011 2011 3 13
161. A.F. Shosha, J.I. James, A. Hannaway, C. Liu, P. Gladyshev, and A. Shosha Towards automated malware behavioral analysis and profiling for digital forensic investigation purposes Digital forensics and cyber crime 2013 Springer Berlin Heidelberg 66 80
162. M. Simon, and K.-K.R. Choo Digital forensics: challenges and future research directions I.-S. Kim, J. Liu, Contemporary trends in Asian criminal justice: paving the way for the future 2014 Korean Institute of Criminology Seoul 105 146
163. R. Sindoori, P.V. Pallavi, and P. Abinaya 2012 An overview of disaster recovery in virtualization technology J Artif Intell 6 2013 2012 60 67
164. J. Slay, and E. Sitnikova The development of a generic framework for the forensic analysis of SCADA and process control systems Forensics in telecommunications, information and multimedia 2009 Springer Berlin Heidelberg 77 82
165. M.K. Srinivasan, and P. Rodrigues State-of-the-art cloud computing security taxonomies: a classification of security challenges in the present cloud Proceedings of the international conference on advances in computing, communications and informatics 2012 470 476
166. N. Stakhanova, S. Basu, and J. Wong A cost-sensitive model for preemptive intrusion response systems 21st International conference on advanced networking and applications (AINA) 2007 428 435
167. N. Stakhanova, S. Basu, and J. Wong A taxonomy of intrusion response systems Int J Inf Comput Secur 1 1/2 2007 169 184
168. C. Strasburg, N. Stakhanova, S. Basu, and J.S. Wong A framework for cost sensitive assessment of intrusion response selection 2009 33rd Annual IEEE international computer software and applications conference 2009 355 360
169. C. Strasburg, N. Stakhanova, S. Basu, and J.S. Wong Intrusion response cost assessment methodology Proceedings of the 4th international symposium on information, computer, and communications security - ASIACCS 2009 388 391
170. S. Subashini, and V. Kavitha A survey on security issues in service delivery models of cloud computing J Netw Comput Appl 34 1 2011 1 11
171. J. Sylve, A. Case, L. Marziale, and G.G. Richard Acquisition and analysis of volatile memory from Android devices Digit Investig 8 3-4 2012 175 184
172. Symantec 2013 Norton report: total cost of cybercrime in Australia amounts to AU$1.06 billion 2013 [viewed 02.04.14]
173. H. Takabi, B.J. James, and J.A. Gail Security and privacy challenges in cloud computing environments IEEE Secur Priv Mag 8 6 2010 24 31
174. Y. Tan, H. Jiang, D. Feng, L. Tian, and Z. Yan CABdedupe: a causality-based deduplication performance booster for cloud backup services 2011 IEEE international parallel & distributed processing symposium 2011 1266 1277
175. L.P. Taylor Developing an incident response plan FISMA compliance handbook 2nd ed. 2013 95 115
176. M. Taylor, J. Haggerty, D. Gresty, and D. Lamb Forensic investigation of cloud computing systems Netw Secur 2011 3 2011 4 10
177. M. Theoharidou, P. Kotzanikolaou, and D. Gritzalis Risk assessment methodology for interdependent critical infrastructures Int J Risk Assess Manag 15 2/3 2011 128 148
178. M. Theoharidou, A. Mylonas, and D. Gritzalis A risk assessment method for smartphones Information security and privacy research 2012 Springer Berlin Heidelberg 443 456
179. N. Thethi, and A. Keane Digital forensics investigations in the cloud 2014 IEEE international advance computing conference (IACC) 2014 1475 1480
180. I.A. Tøndel, M.B. Line, and M.G. Jaatun Information security incident management: current practice as reported in the literature Comput Secur 45 2014 2014 42 57
181. D. Trček, H. Abie, A. Skomedal, and I. Starc Advanced framework for digital forensic technologies and procedures J Forensic Sci 55 6 2010 1471 1480
182. P.M. Trenwith, and H.S. Venter Digital forensic readiness in the cloud 2013 Information security for South Africa 2013 1 5
183. US District Court for the District of Columbia Morandum opinion: civil action no. 13-0851 (RJL) 2013 [viewed 18.06.14]
184. U.S. GAO Information security: agencies need to improve cyber incident response practices 2014 United States Government Accountability Office Washington
185. K. Usmani, A.K. Mohapatra, and N. Prakash An improved framework for incident handling Inf Secur J Glob Perspect 22 1 2013 1 9
186. M.-C. Valiente, E. Garcia-Barriocanal, and M.-A. Sicilia Applying an ontology approach to IT service management for business-IT integration Knowl Based Syst 28 2012 2012 76 87
187. A. Valjarevic, and H.S. Venter Towards a digital forensic readiness framework for public key infrastructure systems 2011 Information security for South Africa 2011 1 10
188. A. Valjarevic, and H. Venter A harmonized process model for digital forensic investigation G. Peterson, S. Shenoi, Advances in digital forensic IX, IFIP AICT 2013 Springer Berlin Heidelberg 67 82
189. T. Vidas, C. Zhang, and N. Christin Toward a general collection methodology for Android devices Digit Investig 8 2011 2011 14 24
190. J. Webb, A. Ahmad, S.B. Maynard, and G. Shanks A situation awareness model for information security risk management Comput Secur 2014 2014 1 15
191. M.J. West-Brown, D. Stikvoort, K.-P. Kossakowski, G. Killcrere, R. Ruefle, and M. Zajicek Handbook for computer security incident response teams (CSIRTs) 2nd ed. 2003 Carnegie Mellon/SEI Pittsburgh
192. J. Wiik, P.I. Davidsen, and K.P. Kossakowski Chronic workload problems in CSIRTs 27th International conference of the system dynamics society 2009 1 19
193. J. Wiik, P.I. Davidsen, and K.P. Kossakowski Persistent instabilities in the high-priority incident workload of CSIRTs 27th International conference of the system dynamics society 2009 1 15
194. J. Wiik, P.I. Davidsen, and K.P. Kossakowski Preserving a balanced CSIRT constituency 27th International conference of the system dynamics society 2009 1 11
195. T. Wood, E. Cecchet, K.K. Ramakrishnan, P. Shenoy, J. Van Der Merwe, and A. Venkataramani Disaster recovery as a cloud service: economic benefits & deployment challenges University of Massachusetts Amherst 2nd USENIX workshop on hot topics in cloud computing 2010 1 7
196. X. Wu, Y. Fu, and J. Wang Information systems security risk assessment on improved fuzzy AHP 2009 ISECS international colloquium on computing, communication, control, and management 2009 365 369
197. T. Wu, J. Ferdinand, P. Disso, K. Jones, A. Campos, and J. Pagna Towards a SCADA forensics architecture 1st International symposium for ICS and SCADA cyber security research 2013 12 21
198. R. Xia, X. Yin, J. Alonso, F. Machida, and K.S. Trivedi Performance and availability modeling of IT systems with data backup and restore IEEE Trans Dependable Secure Comput 2013 1 14
199. Z. Xinlan, H. Zhifang, W. Guangfu, and Z. Xin Information security risk assessment methodology research: group decision making and analytic hierarchy process 2010 Second world congress on software engineering 2010 157 160
200. J. Yang, and Z. Chen Cloud computing research and security issues Computational intelligence and software engineering (CiSE), 2010 international conference on 2010 10 12
201. X. Yu, L. Jiang, H. Shu, Q. Yin, and T. Liu A process model for forensic analysis of Symbian Advances in software engineering 2009 Springer Berlin Heidelberg 86 93
202. J. Yuill, F. Wu, J. Settle, F. Gong, R. Forno, and M. Huang Intrusion-detection for incident-response, using a military battlefield-intelligence process Comput Netw 34 2000 2000 671 697
203. E. Zambon, S. Etalle, R.J. Wieringa, and P. Hartel Model-based qualitative risk assessment for availability of IT infrastructures Softw Syst Model 10 4 2010 553 580
204. X. Zan, F. Gao, J. Han, X. Liu, and J. Zhou NAIR: a novel automated intrusion response system based on decision making approach The 2010 IEEE international conference on information and automation 2010 543 548
205. L. Zhang, and W. Wang Constructions on disaster tolerant backup system of management information system 2011 6th International conference on computer science & education (ICCSE) 2011 425 427
206. X. Zhang, N. Wuwong, H. Li, and X. Zhang Information security risk management framework for the cloud computing environments 2010 10th IEEE international conference on computer and information technology 2010 1328 1334
207. G. Zhang, Y. Yang, and X. Mao Disaster recovery evaluation PROC model framework based on information flow Proceedings of 2011 international conference on computer science and network technology 2011 1841 1845
208. X. Zhang, K. Liang, and X. Zhang Research on the recovery strategy of incremental-data-based continuous data protection 2012 International conference on computer science and electronics engineering 2012 498 502
209. W. Zhao, and G. White Designing a formal model facilitating collaborative information sharing for community cyber security 2014 47th Hawaii international conference on system sciences 2014 1987 1996
210. M. Zhou, and G. Yao Improved cost-sensitive model of intrusion response system based on clustering 2011 International conference in electrics, communication and automatic control proceedings 2012 931 937
211. S. Zimmerman, and D. Glavach Cyber forensics in the cloud IAnewsletter 14 1 2011 4 7
212. D. Zissis, and D. Lekkas Addressing cloud computing security issues Future Gener Comput Syst 28 3 2012 583 592
213. S. Zonouz, and P. Haghani Cyber-physical security metric inference in smart grid critical infrastructures based on system administrators responsive behavior Comput Secur 39 2013 2013 190 200
214. S.A. Zonouz, H. Khurana, W.H. Sanders, and T.M. Yardley RRE: a game-theoretic intrusion response and recovery engine IEEE Trans Parallel Distrib Syst 25 2 2014 395 406