Simulation of Workflow and Threat Characteristics for Cyber Security Incident Response Teams
| Author | Robert G. Abbott, Kevin Nauer, Benjamin John Anderson, Chris Forsythe, Theodore Reed |
|---|---|
| Year of publication | 2014 |
| Subject | Engineering; business.industry; Differential (mechanical device); Intrusion detection system; Asset (computer security); Computer security; computer.software_genre; Medical Terminology; Adversarial system; Workflow; Software; Key (cryptography); Incident response; business; computer; Medical Assisting and Transcription |
| Source | Proceedings of the Human Factors and Ergonomics Society Annual Meeting. 58:427-431 |
| ISSN | 1071-1813, 2169-5067 |
| Description | Within large organizations, the defense of cyber assets generally involves the use of various mechanisms, such as intrusion detection systems, to alert cyber security personnel to suspicious network activity. Resulting alerts are reviewed by the organization's cyber security personnel to investigate and assess the threat and initiate appropriate actions to defend the organization's network assets. While automated software routines are essential to cope with the massive volumes of data transmitted across data networks, the ultimate success of an organization's efforts to resist adversarial attacks upon their cyber assets relies on the effectiveness of individuals and teams. This paper reports research to understand the factors that impact the effectiveness of Cyber Security Incident Response Teams (CSIRTs). Specifically, a simulation is described that captures the workflow within a CSIRT. The simulation is then demonstrated in a study comparing the differential response time to threats that vary with respect to key characteristics (attack trajectory, targeted asset and perpetrator). It is shown that the results of the simulation correlate with data from the actual incident response times of a professional CSIRT. |
| Database | OpenAIRE |
| External link | |