Abstract
The problem of processing IT security incidents is a key task in the field of security service management. This paper addresses the problem of effectively assigning and scheduling security incidents to the members of the IT staff. To solve this problem, we propose an innovative approach to assign staff members to security incidents by applying mathematical programming to the field of IT security management. We formulate an optimization model and propose efficient solution methods. The numerical simulations show that our approach improves current best practice behaviour significantly.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Anvik, J.: Automating Bug Report Assignment. In: ICSE 2006 Proceedings of the 28th International Conference on Software Engineering, pp. 937–940 (2006)
Anvik, J., Hiew, L., Murphy, G.: Who should fix this bug? In: ICSE 2006 Proceedings of the 28th International Conference on Software Engineering, pp. 361–370 (2006)
Arnold, A.: Assessing the Financial Impact of Downtime. Vision Solutions, White Paper (2010), http://www.strategiccompanies.com/pdfs/Assessing%20the%20Financial%20Impact%20of%20Downtime.pdf
Bernard, P.: COBIT 5 - A Management Guide. Van Haren Publishing (2012)
Bruno, J., Coffman Jr., E.G., Sehti, R.: Scheduling Independent Tasks to Reduce Mean Finishing Time. Communications of the ACM 17(7), 382–387 (1974)
Office, C., Steinberg, R., Rudd, C., Lacy, S., Hanna, A.: ITIL Service Operation, 2nd edn. TSO, London (2011)
Cichonski, P., Millar, T., Grance, T., Scarfone, K.: Computer Security Incident Handling Guide. National Institute of Standards and Technology Special Publication 800-61, Revision 2 (2012)
ISO/IEC: ISO/IEC 27035 - Information Technology - Security Techniques - Information Security Incident Management (2011)
Kurowski, S., Frings, S.: Computational Documentation of IT Incidents as Support for Forensic Operations. In: Proceedings of the 2011 Sixth International Conference on IT Security Incident Management and IT Forensics, pp. 37–47. IEEE Computer Society, Washington, DC (2011)
Li, X., Zhan, Z., Guo, S., Zhang, L.: IT Incident Assign Algorithm Based on the Difference Between Support Groups. In: International Conference on Advanced Intelligence and Awarenss Internet (AIAI), pp. 319–323 (2010)
Liu, R., Lee, J.: IT Incident Management by Analyzing Incident Relations. In: Liu, C., Ludwig, H., Toumani, F., Yu, Q. (eds.) Service Oriented Computing. LNCS, vol. 7636, pp. 631–638. Springer, Heidelberg (2012)
Rahman, M., Ruhe, G., Zimmermann, T.: Optimized Assignment of Developers for Fixing Bugs: An Initial Evaluation for Eclipse Projects. In: IEEE International Symposium on Empirical Software Engineering and Measurement, pp. 439–442 (2009)
Rahman, M., Sohan, S.M., Maurer, F., Ruhe, G.: Evaluation of Optimized Staffing for Feature Development and Bug Fixing. In: Proceedings of the 2010 ACM-IEEE International Symposium on Empirical Software Engineering and Measurement (2010)
Weng, M.X., Lu, J., Ren, H.: Unrelated Parallel Machine Scheduling with Setup Consideration and a Total Weighted Completion Time Objective. International Journal of Production Economics 70(3), 215–226 (2001)
Wex, F., Schryen, G., Feuerriegel, S., Neumann, D.: Emergency Response in Natural Disaster Management: Allocation and Scheduling of Rescue Units. European Journal of Operational Research 235(3), 697–708 (2014)
Zitek, N.: ITIL Incident Management - How to separate roles at different support levels. ITIL & ISO 20000 Blog (2013), http://www.20000academy.com/Blog/November-2013/ITIL-Incident-Management-How-to-separate-roles-at-different-support-levels
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Rauchecker, G., Yasasin, E., Schryen, G. (2014). A Decision Support System for IT Security Incident Management. In: Eckert, C., Katsikas, S.K., Pernul, G. (eds) Trust, Privacy, and Security in Digital Business. TrustBus 2014. Lecture Notes in Computer Science, vol 8647. Springer, Cham. https://doi.org/10.1007/978-3-319-09770-1_4
Download citation
DOI: https://doi.org/10.1007/978-3-319-09770-1_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-09769-5
Online ISBN: 978-3-319-09770-1
eBook Packages: Computer ScienceComputer Science (R0)