Journal
COMPUTERS & SECURITY
Volume 31, Issue 5, Pages 643-652Publisher
ELSEVIER ADVANCED TECHNOLOGY
DOI: 10.1016/j.cose.2012.04.001
Keywords
Information security; Security management; Incident response; Security models; Organizational processes; Security learning
Categories
Ask authors/readers for more resources
Incident response is a critical security function in organisations that aims to manage incidents in a timely and cost-effective manner. This research was motivated by previous case studies that suggested that the practice of incident response frequently did not result in the improvement of strategic security processes such as policy development and risk assessment. An exploratory in-depth case study was performed at a large global financial institution to examine shortcomings in the practice of incident response. The case study revealed the practice of incident response, in accordance with detailed best-practice guidelines, tended to adopt a narrow technical focus aimed at maintaining business continuity whilst neglecting strategic security concerns. The case study also revealed that the (limited) post-incident review process focused on 'high-impact' incidents rather than 'high-learning' (i.e. potentially useful incidents from a learning perspective) incidents and 'near misses'. In response to this case study, we propose a new double-loop model for incident learning to address potential systemic corrective action in such areas as the risk assessment and policy development processes. (c) 2012 Elsevier Ltd. All rights reserved.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available