ABSTRACT
An incident response plan is critical for the detection and removal of information security threats. Incident response involves many aspects other than technical issues: there are management, legal, and social issues that an incident response team needs to consider. Incident response identifies, contains, and eliminates the incident; then the compromised system is fully recovered and restored. To hold the intruder accountable, a forensic investigation is needed. Documentation of all activities and evidence gathering is crucial during the entire response and investigation. The paper proposes and discusses interconnected methodological frameworks for both incident response and network forensics.