Patrik Lif, Stefan Varga, Mikael Wedlin, David Lindahl, M. Persson
DOI: 10.1109/EuroSPW51379.2020.00012
Published in: 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), September 2020
Record source: Semantic Scholar, https://doi.org/10.1109/EuroSPW51379.2020.00012
Evaluation of Information Elements in a Cyber Incident Report
An analyst's main task within cyber security is to monitor, analyze, and decide on appropriate remedies for detected attacks. Analysts should ideally produce incident reports for record keeping and traceability, but also for enabling information sharing. This paper investigates which information elements need to be included in an incident report to support incident management in a time-critical, high mental workload situation. Background information on existing reporting templates was drawn from the literature. Five different templates, a data exchange format, and two cyber situational awareness frameworks were analyzed. Then a novel reporting template from the military domain was scrutinized during a live cyber defense exercise. The results show that the information elements in the various existing templates differ, probably because of their different areas of use. The proposed military template was found to be useful to a high degree, even for incident reporting in the civilian sector. The new template can be improved by introducing additional fields, such as descriptions of victims and attackers and assessments of attackers' motives.