The management of information security incidents is the primary phenomenon under investigation. Information security incident management is the identification of the technology, processes, and people responsible for attacks and infiltrations against assets that aim to violate the confidentiality, integrity, or availability of those assets, and the use of that information to diagnose, contain, and recover from incidents (Burkhead, 2014; Kadlec & Shropshire, 2010; Rajakumar & Shanthi, 2014; Werlinger et al., 2010). The management of these incidents occurs at the intersection of offensive and defensive information security concepts.
Published in Chapter:
Turning Weakness into Strength: How to Learn From an IT Security Incident
Randy L. Burkhead (Capella University, USA)
Copyright: © 2017
Pages: 22
DOI: 10.4018/978-1-5225-0522-8.ch006
Abstract
In today's culture, organizations have come to expect that information security incidents and breaches are no longer a matter of if but when. This shifting paradigm has brought increased attention not to the defenses in place to prevent an incident, but to how companies manage the aftermath. Using a phenomenological model, organizations can reconstruct events focused on the human aspects of security, with forensic technology providing supporting information. This can be achieved by conducting an after action review for incidents using a phenomenological model. Through this approach, the researcher can discover the common incident management cycle attributes and how these attributes have been applied in the organization. An interview guide and six steps are presented to accomplish this type of review. By understanding what happened, how it happened, and why it happened during incident response, organizations can turn their moment of weakness into a pillar of strength.