Operationalizing the coordinated incident handling model

R. Daley, Thomas Millar, M. Osorno
2011 IEEE International Conference on Technologies for Homeland Security (HST). Publication date: 2011-12-19. DOI: 10.1109/THS.2011.6107886 (https://doi.org/10.1109/THS.2011.6107886)
Citations: 7

Abstract

Cyber threats are becoming increasingly sophisticated and subtle, making them even harder to detect and contain, and the number of critical, often simultaneous cyber incidents continues to rise at an alarming rate. In this environment, coordinated incident handling across a variety of organizations and incidents is essential for effective response. Current approaches use linear processes developed to handle single incidents with little attention paid to simultaneous or complex attacks encompassing many incidents, to coordination with other organizations, or the ability to scale to the size necessary for large, cross-cutting incidents. We have developed a coordination model for cyber incident management that provides enough structure to enable cooperative operations, but is sufficiently abstract to enable the organizational autonomy and customization essential for effective response for all types of organizations. It is easily understood, straightforward to apply, and versatile enough to overlay on existing organizational processes and structures, both for small, local activities as well as large, cross-organizational ones. This model will enable faster recognition and more rapid escalation of important cyber incidents as well as improving knowledge about such incidents for organizational peers across the community, further enhancing their local response capabilities.