Turning Weakness into Strength: How to Learn From an IT Security Incident

Randy L. Burkhead (Capella University, USA)
DOI: 10.4018/978-1-5225-7113-1.ch011

Abstract

In today's culture, organizations have come to expect that information security incidents and breaches are no longer a matter of if but when. This shifting paradigm has brought increased attention not to the defenses in place to prevent an incident, but to how companies manage the aftermath. Using a phenomenological model, organizations can reconstruct events focused on the human aspects of security, with forensic technology providing supporting information. This can be achieved by conducting an after action review for incidents. Through this approach, the researcher can discover the common incident management cycle attributes and how these attributes have been applied in the organization. An interview guide and six steps are presented to accomplish this type of review. By understanding what happened, how it happened, and why it happened during incident response, organizations can turn their moment of weakness into a pillar of strength.
Chapter Preview

Previous Research

There is a lot of existing research on the topic of cyber security, ranging from war applications to criminal activities. There are published standards for IT security, including industry regulations like the Payment Card Industry Data Security Standard (PCI-DSS), government-sponsored standards like United States National Institute for Standards and Technology (NIST) Special Publication 800-53, laws and regulations such as the Health Information Privacy and Accountability Act (HIPAA), and international cyber security standards such as International Standard Organization (ISO) 2700 and Information Technology Infrastructure Library (ITIL). Each of these standards has processes and procedures for incident response, but each has only limited instructions for how to build an incident response program. There is very little research into the phenomenon of IT security incidents and incident management in the field.