A collaborative approach for national cybersecurity incident management
Journal article
Authors | Oriola, Oluwafemi, Adeyemo, Adesesan Barnabas, Papadaki, Maria and Kotzé, Eduan |
---|---|
Abstract | Collaborative-based national cybersecurity incident management benefits from the huge size of incident information, large-scale information security devices and aggregation of security skills. However, no existing collaborative approach has been able to cater for multiple regulators, divergent incident views and incident reputation trust issues that national cybersecurity incident management presents. This paper aims to propose a collaborative approach to handle these issues cost-effectively. A collaborative-based national cybersecurity incident management architecture based on ITU-T X.1056 security incident management framework is proposed. It is composed of the cooperative regulatory unit with cooperative and third-party management strategies and an execution unit, with incident handling and response strategies. Novel collaborative incident prioritization and mitigation planning models that are fit for incident handling in national cybersecurity incident management are proposed. A use case depicting how the collaborative-based national cybersecurity incident management would function within a typical information and communication technology ecosystem is illustrated. The proposed collaborative approach is evaluated based on the performances of an experimental cyber-incident management system against two multistage attack scenarios. The results show that the proposed approach is more reliable compared to the existing ones based on descriptive statistics. The approach produces better incident impact scores and rankings than standard tools. The approach reduces the total response costs by 8.33% and false positive rate by 97.20% for the first attack scenario, while it reduces the total response costs by 26.67% and false positive rate by 78.83% for the second attack scenario. |
Keywords | Management of Technology and Innovation; Information Systems and Management; Computer Networks and Communications; Information Systems; Software; Management Information Systems; information security; incident management; national cybersecurity; incident handling and response |
Year | 2021 |
Journal | Information and Computer Security |
Journal citation | 29 (3), pp. 1-28 |
Publisher | Emerald |
ISSN | 2056-4961 |
Digital Object Identifier (DOI) | https://doi.org/10.1108/ics-02-2020-0027 |
Web address (URL) | https://www.emerald.com/insight/content/doi/10.1108/ICS-02-2020-0027/full/html |
hdl:10545/625883 | |
Output status | Published |
Publication dates | 28 Jun 2021 |
Publication process dates | |
Deposited | 15 Jul 2021, 14:49 |
Accepted | 26 Nov 2020 |
Contributors | University of Plymouth, University of Ibadan, Ibadan, Nigeria and University of the Free State, Bloemfontein, South Africa |
File | File Access Level Restricted |
File | License File Access Level Open |
https://repository.derby.ac.uk/item/94640/a-collaborative-approach-for-national-cybersecurity-incident-management