A Decision Support System for IT Security Incident Management

  • Conference paper
Trust, Privacy, and Security in Digital Business (TrustBus 2014)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8647)

Abstract

The problem of processing IT security incidents is a key task in the field of security service management. This paper addresses the problem of effectively assigning and scheduling security incidents to the members of the IT staff. To solve this problem, we propose an innovative approach to assign staff members to security incidents by applying mathematical programming to the field of IT security management. We formulate an optimization model and propose efficient solution methods. The numerical simulations show that our approach improves current best practice behaviour significantly.

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Rauchecker, G., Yasasin, E., Schryen, G. (2014). A Decision Support System for IT Security Incident Management. In: Eckert, C., Katsikas, S.K., Pernul, G. (eds) Trust, Privacy, and Security in Digital Business. TrustBus 2014. Lecture Notes in Computer Science, vol 8647. Springer, Cham. https://doi.org/10.1007/978-3-319-09770-1_4

  • DOI: https://doi.org/10.1007/978-3-319-09770-1_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-09769-5

  • Online ISBN: 978-3-319-09770-1

  • eBook Packages: Computer Science, Computer Science (R0)
