Cognitive Security for Incident Management Process

  • Conference paper
  • First Online:
Information Technology and Systems (ICITS 2019)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 918))

Abstract

This work presents a literature review of the process of handling security incidents, with the aim of identifying standards and guidelines published by international organizations. Based on this research, we identified the phases of the incident management process in order to analyze automation proposals for improving efficiency and response times. Finally, we analyzed the contribution of cognitive security to enhancing the cognitive skills of security specialists in the execution of tasks associated with the detection phase of the incident management process.

Acknowledgment

The authors would like to thank the financial support of the Ecuadorian Corporation for the Development of Research and the Academy (RED CEDIA) for the development of this work, under Project Grant GT-II-2017.

Corresponding author: Roberto Andrade.

Copyright information

© 2019 Springer Nature Switzerland AG

Cite this paper

Andrade, R., Torres, J., Cadena, S. (2019). Cognitive Security for Incident Management Process. In: Rocha, Á., Ferrás, C., Paredes, M. (eds) Information Technology and Systems. ICITS 2019. Advances in Intelligent Systems and Computing, vol 918. Springer, Cham. https://doi.org/10.1007/978-3-030-11890-7_59
