Incident Response Process


The Experts below are selected from a list of 183 Experts worldwide ranked by ideXlab platform

Tim Storer - One of the best experts on this subject based on the ideXlab platform.

  • Enhancing security incident response follow-up efforts with lightweight agile retrospectives
    Digital Investigation, 2017
    Co-Authors: George Grispos, William Bradley Glisson, Tim Storer
    Abstract:

    Security incidents detected by organizations are escalating in both scale and complexity. As a result, security incident response has become a critical mechanism for organizations in an effort to minimize the damage from security incidents. The final phase within many security incident response approaches is the feedback/follow-up phase. It is within this phase that an organization is expected to use information collected during an investigation in order to learn from an incident, improve its security incident response process and positively impact the wider security environment. However, recent research and security incident reports argue that organizations find it difficult to learn from incidents. A contributing factor to this learning deficiency is that industry-focused security incident response approaches typically provide very little practical information about tools or techniques that can be used to extract lessons learned from an investigation. As a result, organizations focus on improving technical security controls and not on examining or reassessing the effectiveness or efficiency of internal policies and procedures. An additional hindrance to encouraging improvement assessments is the absence of tools and/or techniques that organizations can implement to evaluate the impact of implemented enhancements in the wider organization. Hence, this research investigates the integration of lightweight agile retrospectives and meta-retrospectives in a security incident response process to enhance feedback and/or follow-up efforts. The research contribution of this paper is twofold. First, it presents an approach based on lightweight retrospectives as a means of enhancing security incident response follow-up efforts. Second, it presents an empirical evaluation of this lightweight approach in a Fortune 500 financial organization's security incident response team.

  • Security Incident Response Criteria: A Practitioner's Perspective
    Americas Conference on Information Systems, 2015
    Co-Authors: George Grispos, William Bradley Glisson, Tim Storer
    Abstract:

    Industrial reports indicate that security incidents continue to inflict large financial losses on organizations. Researchers and industrial analysts contend that there are fundamental problems with existing security incident response process solutions. This paper presents the Security Incident Response Criteria (SIRC), which can be applied to a variety of security incident response approaches. The criteria are derived from empirical data based on in-depth interviews conducted within a Global Fortune 500 organization and supporting literature. The research contribution of this paper is twofold. First, the criteria presented in this paper can be used to evaluate existing security incident response solutions, and second, they can serve as a guide to support future security incident response improvement initiatives.

  • AMCIS - Security Incident Response Criteria: A Practitioner's Perspective
    2015
    Co-Authors: George Grispos, William Bradley Glisson, Tim Storer
    Abstract:

    Industrial reports indicate that security incidents continue to inflict large financial losses on organizations. Researchers and industrial analysts contend that there are fundamental problems with existing security incident response process solutions. This paper presents the Security Incident Response Criteria (SIRC), which can be applied to a variety of security incident response approaches. The criteria are derived from empirical data based on in-depth interviews conducted within a Global Fortune 500 organization and supporting literature. The research contribution of this paper is twofold. First, the criteria presented in this paper can be used to evaluate existing security incident response solutions, and second, they can serve as a guide to support future security incident response improvement initiatives.

  • Rethinking Security Incident Response: The Integration of Agile Principles
    arXiv: Cryptography and Security, 2014
    Co-Authors: George Grispos, William Bradley Glisson, Tim Storer
    Abstract:

    In today's globally networked environment, information security incidents can inflict staggering financial losses on organizations. Industry reports indicate that fundamental problems exist with the application of current linear plan-driven security incident response approaches being applied in many organizations. Researchers argue that traditional approaches value containment and eradication over incident learning. While previous security incident response research focused on best practice development, linear plan-driven approaches and the technical aspects of security incident response, very little research investigates the integration of agile principles and practices into the security incident response process. This paper proposes that the integration of disciplined agile principles and practices into the security incident response process is a practical solution to strengthening an organization's security incident response posture.

  • AMCIS - Rethinking Security Incident Response: The Integration of Agile Principles
    2014
    Co-Authors: George Grispos, William Bradley Glisson, Tim Storer
    Abstract:

    In today's globally networked environment, information security incidents can inflict staggering financial losses on organizations. Industry reports indicate that fundamental problems exist with the application of current linear plan-driven security incident response approaches being applied in many organizations. Researchers argue that traditional approaches value containment and eradication over incident learning. While previous security incident response research focused on best practice development, linear plan-driven approaches and the technical aspects of security incident response, very little research investigates the integration of agile principles and practices into the security incident response process. This paper proposes that the integration of disciplined agile principles and practices into the security incident response process is a practical solution to strengthening an organization's security incident response posture.

George Grispos - One of the best experts on this subject based on the ideXlab platform.

  • Enhancing security incident response follow-up efforts with lightweight agile retrospectives
    Digital Investigation, 2017
    Co-Authors: George Grispos, William Bradley Glisson, Tim Storer
    Abstract:

    Security incidents detected by organizations are escalating in both scale and complexity. As a result, security incident response has become a critical mechanism for organizations in an effort to minimize the damage from security incidents. The final phase within many security incident response approaches is the feedback/follow-up phase. It is within this phase that an organization is expected to use information collected during an investigation in order to learn from an incident, improve its security incident response process and positively impact the wider security environment. However, recent research and security incident reports argue that organizations find it difficult to learn from incidents. A contributing factor to this learning deficiency is that industry-focused security incident response approaches typically provide very little practical information about tools or techniques that can be used to extract lessons learned from an investigation. As a result, organizations focus on improving technical security controls and not on examining or reassessing the effectiveness or efficiency of internal policies and procedures. An additional hindrance to encouraging improvement assessments is the absence of tools and/or techniques that organizations can implement to evaluate the impact of implemented enhancements in the wider organization. Hence, this research investigates the integration of lightweight agile retrospectives and meta-retrospectives in a security incident response process to enhance feedback and/or follow-up efforts. The research contribution of this paper is twofold. First, it presents an approach based on lightweight retrospectives as a means of enhancing security incident response follow-up efforts. Second, it presents an empirical evaluation of this lightweight approach in a Fortune 500 financial organization's security incident response team.

  • Security Incident Response Criteria: A Practitioner's Perspective
    Americas Conference on Information Systems, 2015
    Co-Authors: George Grispos, William Bradley Glisson, Tim Storer
    Abstract:

    Industrial reports indicate that security incidents continue to inflict large financial losses on organizations. Researchers and industrial analysts contend that there are fundamental problems with existing security incident response process solutions. This paper presents the Security Incident Response Criteria (SIRC), which can be applied to a variety of security incident response approaches. The criteria are derived from empirical data based on in-depth interviews conducted within a Global Fortune 500 organization and supporting literature. The research contribution of this paper is twofold. First, the criteria presented in this paper can be used to evaluate existing security incident response solutions, and second, they can serve as a guide to support future security incident response improvement initiatives.

  • AMCIS - Security Incident Response Criteria: A Practitioner's Perspective
    2015
    Co-Authors: George Grispos, William Bradley Glisson, Tim Storer
    Abstract:

    Industrial reports indicate that security incidents continue to inflict large financial losses on organizations. Researchers and industrial analysts contend that there are fundamental problems with existing security incident response process solutions. This paper presents the Security Incident Response Criteria (SIRC), which can be applied to a variety of security incident response approaches. The criteria are derived from empirical data based on in-depth interviews conducted within a Global Fortune 500 organization and supporting literature. The research contribution of this paper is twofold. First, the criteria presented in this paper can be used to evaluate existing security incident response solutions, and second, they can serve as a guide to support future security incident response improvement initiatives.

  • Rethinking Security Incident Response: The Integration of Agile Principles
    arXiv: Cryptography and Security, 2014
    Co-Authors: George Grispos, William Bradley Glisson, Tim Storer
    Abstract:

    In today's globally networked environment, information security incidents can inflict staggering financial losses on organizations. Industry reports indicate that fundamental problems exist with the application of current linear plan-driven security incident response approaches being applied in many organizations. Researchers argue that traditional approaches value containment and eradication over incident learning. While previous security incident response research focused on best practice development, linear plan-driven approaches and the technical aspects of security incident response, very little research investigates the integration of agile principles and practices into the security incident response process. This paper proposes that the integration of disciplined agile principles and practices into the security incident response process is a practical solution to strengthening an organization's security incident response posture.

  • AMCIS - Rethinking Security Incident Response: The Integration of Agile Principles
    2014
    Co-Authors: George Grispos, William Bradley Glisson, Tim Storer
    Abstract:

    In today's globally networked environment, information security incidents can inflict staggering financial losses on organizations. Industry reports indicate that fundamental problems exist with the application of current linear plan-driven security incident response approaches being applied in many organizations. Researchers argue that traditional approaches value containment and eradication over incident learning. While previous security incident response research focused on best practice development, linear plan-driven approaches and the technical aspects of security incident response, very little research investigates the integration of agile principles and practices into the security incident response process. This paper proposes that the integration of disciplined agile principles and practices into the security incident response process is a practical solution to strengthening an organization's security incident response posture.

Dan Gorton - One of the best experts on this subject based on the ideXlab platform.

  • ARES - Modeling Fraud Prevention of Online Services Using Incident Response Trees and Value at Risk
    2015 10th International Conference on Availability, Reliability and Security, 2015
    Co-Authors: Dan Gorton
    Abstract:

    Authorities like the Federal Financial Institutions Examination Council in the US and the European Central Bank in Europe have stepped up their expected minimum security requirements for financial institutions, including the requirements for risk analysis. In a previous article, we introduced a visual tool and a systematic way to estimate the probability of a successful incident response process, which we called an incident response tree (IRT). In this article, we present several scenarios using the IRT which could be used in a risk analysis of online financial services concerning fraud prevention. By minimizing the problem of underreporting, we are able to calculate the conditional probabilities of prevention, detection, and response in the incident response process of a financial institution. We also introduce a quantitative model for estimating expected loss from fraud, and conditional fraud value at risk, which enables a direct comparison of risk among online banking channels in a multi-channel environment.

  • Using Incident Response Trees as a Tool for Risk Management of Online Financial Services
    Risk Analysis, 2014
    Co-Authors: Dan Gorton
    Abstract:

    The article introduces the use of probabilistic risk assessment for modeling the incident response process of online financial services. The main contribution is the creation of incident response trees, using event tree analysis, which provides us with a visual tool and a systematic way to estimate the probability of a successful incident response process against the currently known risk landscape, making it possible to measure the balance between front-end and back-end security measures. The model is presented using an illustrative example, and is then applied to the incident response process of a Swedish bank. Access to relevant data is verified, and the applicability and usability of the proposed model are verified using one year of historical data. Potential advantages and possible shortcomings are discussed, referring to both the design phase and the operational phase, and future work is presented.

William Bradley Glisson - One of the best experts on this subject based on the ideXlab platform.

  • Enhancing security incident response follow-up efforts with lightweight agile retrospectives
    Digital Investigation, 2017
    Co-Authors: George Grispos, William Bradley Glisson, Tim Storer
    Abstract:

    Security incidents detected by organizations are escalating in both scale and complexity. As a result, security incident response has become a critical mechanism for organizations in an effort to minimize the damage from security incidents. The final phase within many security incident response approaches is the feedback/follow-up phase. It is within this phase that an organization is expected to use information collected during an investigation in order to learn from an incident, improve its security incident response process and positively impact the wider security environment. However, recent research and security incident reports argue that organizations find it difficult to learn from incidents. A contributing factor to this learning deficiency is that industry-focused security incident response approaches typically provide very little practical information about tools or techniques that can be used to extract lessons learned from an investigation. As a result, organizations focus on improving technical security controls and not on examining or reassessing the effectiveness or efficiency of internal policies and procedures. An additional hindrance to encouraging improvement assessments is the absence of tools and/or techniques that organizations can implement to evaluate the impact of implemented enhancements in the wider organization. Hence, this research investigates the integration of lightweight agile retrospectives and meta-retrospectives in a security incident response process to enhance feedback and/or follow-up efforts. The research contribution of this paper is twofold. First, it presents an approach based on lightweight retrospectives as a means of enhancing security incident response follow-up efforts. Second, it presents an empirical evaluation of this lightweight approach in a Fortune 500 financial organization's security incident response team.

  • Security Incident Response Criteria: A Practitioner's Perspective
    Americas Conference on Information Systems, 2015
    Co-Authors: George Grispos, William Bradley Glisson, Tim Storer
    Abstract:

    Industrial reports indicate that security incidents continue to inflict large financial losses on organizations. Researchers and industrial analysts contend that there are fundamental problems with existing security incident response process solutions. This paper presents the Security Incident Response Criteria (SIRC), which can be applied to a variety of security incident response approaches. The criteria are derived from empirical data based on in-depth interviews conducted within a Global Fortune 500 organization and supporting literature. The research contribution of this paper is twofold. First, the criteria presented in this paper can be used to evaluate existing security incident response solutions, and second, they can serve as a guide to support future security incident response improvement initiatives.

  • AMCIS - Security Incident Response Criteria: A Practitioner's Perspective
    2015
    Co-Authors: George Grispos, William Bradley Glisson, Tim Storer
    Abstract:

    Industrial reports indicate that security incidents continue to inflict large financial losses on organizations. Researchers and industrial analysts contend that there are fundamental problems with existing security incident response process solutions. This paper presents the Security Incident Response Criteria (SIRC), which can be applied to a variety of security incident response approaches. The criteria are derived from empirical data based on in-depth interviews conducted within a Global Fortune 500 organization and supporting literature. The research contribution of this paper is twofold. First, the criteria presented in this paper can be used to evaluate existing security incident response solutions, and second, they can serve as a guide to support future security incident response improvement initiatives.

  • Rethinking Security Incident Response: The Integration of Agile Principles
    arXiv: Cryptography and Security, 2014
    Co-Authors: George Grispos, William Bradley Glisson, Tim Storer
    Abstract:

    In today's globally networked environment, information security incidents can inflict staggering financial losses on organizations. Industry reports indicate that fundamental problems exist with the application of current linear plan-driven security incident response approaches being applied in many organizations. Researchers argue that traditional approaches value containment and eradication over incident learning. While previous security incident response research focused on best practice development, linear plan-driven approaches and the technical aspects of security incident response, very little research investigates the integration of agile principles and practices into the security incident response process. This paper proposes that the integration of disciplined agile principles and practices into the security incident response process is a practical solution to strengthening an organization's security incident response posture.

  • AMCIS - Rethinking Security Incident Response: The Integration of Agile Principles
    2014
    Co-Authors: George Grispos, William Bradley Glisson, Tim Storer
    Abstract:

    In today's globally networked environment, information security incidents can inflict staggering financial losses on organizations. Industry reports indicate that fundamental problems exist with the application of current linear plan-driven security incident response approaches being applied in many organizations. Researchers argue that traditional approaches value containment and eradication over incident learning. While previous security incident response research focused on best practice development, linear plan-driven approaches and the technical aspects of security incident response, very little research investigates the integration of agile principles and practices into the security incident response process. This paper proposes that the integration of disciplined agile principles and practices into the security incident response process is a practical solution to strengthening an organization's security incident response posture.

Yi Zhang - One of the best experts on this subject based on the ideXlab platform.

  • Modeling freeway incident response time: A mechanism-based approach
    Transportation Research Part C: Emerging Technologies, 2013
    Co-Authors: Lin Hou, Yunteng Lao, Yinhai Wang, Zuo Zhang, Yi Zhang
    Abstract:

    Incident response time is critical for incident management. The sooner an incident is responded to, the lower the negative impact from it. There have been some achievements in incident response time modeling. However, most of them were based on empirical observations rather than the mechanism of the system, and hence their findings were highly dependent on the proposed hypotheses and study sites. A more general analytical method is needed for response time analysis. To fill this gap, a mechanism-based approach is proposed in this paper to model the incident response process and explore the contributing explanatory attributes. A typical incident response process is mathematically formulated based on the incident response truck (IRT)'s activity. Response time is considered to comprise both preparation delay and travel time to the incident site. Both components are modeled using probability distributions to take their stochastic features into account. The response time model is calibrated using Washington State Incident Tracking System (WITS) data and dual-loop detector data collected in 2009. Seven variables were found to significantly increase the response preparation delay (e.g. injury involved, heavy truck involved, and weekends) and eleven variables were found to have a decreasing effect on the preparation delay (e.g. peak hour and average annual daily traffic). The model has the potential to be used for incident response resource optimization and identification of measures for incident response time improvement.

  • Modeling Freeway Incident Response Time: Mechanism-Based Approach
    2012
    Co-Authors: Lin Hou, Yunteng Lao, Yinhai Wang, Zuo Zhang, Yi Zhang
    Abstract:

    Freeway incident duration analysis and prediction is important for freeway congestion mitigation. The sooner an incident is responded to, the lower the negative impact from the incident is. Hence, response time is critical for incident management. Most previous studies on incident response time simply treated the incident response process as a black box, and hence their findings were highly dependent on the proposed hypotheses and study sites. A more general analytical method is needed for response time analysis. To fill this gap, we propose in this paper a mechanism-based approach to model the incident response process and explore the contributing explanatory attributes. A typical incident response process is mathematically formulated based on the incident response truck (IRT)'s activity. Response time is considered to comprise both preparation delay and travel time to the incident site. Both components are modeled using probability distributions to take their stochastic features into account. The response time model is calibrated using Washington State Incident Tracking System (WITS) data collected in 2009 and dual-loop detector data. Seven variables were found to significantly increase the response preparation delay (e.g. injury involved, heavy truck involved, and weekends) and eleven variables were found to have a decreasing effect on preparation time (e.g. peak hour, HOV, and average annual daily traffic). The model has the potential to be used for incident response resource optimization and identification of measures for incident response time improvement.