Abstract
This work presents a literature review of the security incident handling process, with the aim of identifying the standards and guidelines published by international organizations. Based on this review, we identified the phases of the incident management process in order to analyze automation proposals that improve efficiency and response times. Finally, we analyzed the contribution of cognitive security to enhancing the cognitive skills of security specialists when executing the tasks associated with the detection phase of the incident management process.
Acknowledgment
The authors would like to thank the financial support of the Ecuadorian Corporation for the Development of Research and the Academy (RED CEDIA) for the development of this work, under Project Grant GT-II-2017.
© 2019 Springer Nature Switzerland AG
Cite this paper
Andrade, R., Torres, J., Cadena, S. (2019). Cognitive Security for Incident Management Process. In: Rocha, Á., Ferrás, C., Paredes, M. (eds) Information Technology and Systems. ICITS 2019. Advances in Intelligent Systems and Computing, vol 918. Springer, Cham. https://doi.org/10.1007/978-3-030-11890-7_59
DOI: https://doi.org/10.1007/978-3-030-11890-7_59
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-11889-1
Online ISBN: 978-3-030-11890-7
eBook Packages: Intelligent Technologies and Robotics (R0)