Thesis details
On the enhancement of data quality in security incident response investigations
QA75 Electronic computers. Computer science;QA76 Computer software
Grispos, George ; Storer, Tim
University: University of Glasgow
Department: School of Computing Science
Keywords: Security incident response, data quality, case study, cybercrime.
Others: http://theses.gla.ac.uk/7293/1/2016GrisposPhd.pdf
Source: University of Glasgow
【 Abstract 】

Security incidents detected by information technology-dependent organisations are escalating in both scale and complexity. As a result, security incident response has become a critical mechanism for organisations in an effort to minimise the damage from security incidents. To help organisations develop security incident response capabilities, several security incident response approaches and best practice guidelines have been published in both industry and academia. The final phase within many of these approaches and best practices is the ‘feedback’ or ‘follow-up’ phase. Within this phase, it is expected that an organisation will learn from a security incident and use this information to improve its overall information security posture. However, researchers have argued that many organisations tend to focus on eradication and recovery instead of learning from a security incident.

An exploratory case study was undertaken in a Fortune 500 Organisation to investigate security incident learning in practice within organisations. At a high level, the challenges and problems identified from the case study suggest that security incident response could benefit from improving the quality of data generated from and during security investigations. Therefore, the objective of this research was to improve the quality of data in security incident response, so that organisations can develop deeper insights into security incident causes and to assist with security incident learning.

A supplementary challenge identified was the need to minimise the time-cost associated with any changes to organisational processes. Therefore, several lightweight measures were created and implemented within the case study organisation. These measures were evaluated in a series of longitudinal studies that collected both quantitative and qualitative data from the case study organisation.
