Open Access Open Access  Restricted Access Subscription Access
Open Access Open Access Open Access  Restricted Access Restricted Access Subscription Access

Comprehensive Information Security Awareness (CISA) in Security Incident Management (SIM): A Conceptualization


Affiliations
1 Information Technology & Systems Area, Indian Institute of Management Kashipur, Kundeshwari, Kashipur 244713, Uttarakhand, India
     

   Subscribe/Renew Journal


Information security incidents are a major concern for organizations today, and the prevention and mitigation of such incidents are essential for business survival and smooth functioning. Organizations implement a security incident management process to detect and mitigate security incidents. Despite an organization’s investment and efforts to prevent security incidents, its occurrences have increased over the years, signaling limitations in the existing process. We posit that the limitations may be due to the lack of a comprehensive awareness of threats by security professionals. To this effect, we define and conceptualize Comprehensive Information Security Awareness (CISA) as comprising of three elements, namely: security, system, and situational awareness. We leverage the knowledge, skills, and abilities-based approach in NIST-SP-800-16 and security awareness concepts from the literature for conceptualizing CISA. We discuss the effects of CISA on threat management tasks in the context of security incident management.

Keywords

Information Security Awareness, Situation Awareness, System Awareness, Threat Detection, Threat Mitigation.
User
Subscription Login to verify subscription
Notifications
Font Size

  • Ahmad, A., Hadgkiss, J., & Ruighaver, A. B. (2012). Incident response teams– Challenges in supporting the organizational security function. Computers & Security, 31(5), 643-652.
  • Ahmad, A., Maynard, S. B., & Shanks, G. (2015). A case analysis of information systems and security incident responses. International Journal of Information Management, 35(6), 717-723.
  • Alberts, C., Dorofee, A., Killcrece, G., Ruefle, R., & Zajicek, M. (2004). Defining incident management processes for CSIRTS: A work in progress (No. CMU/SEI-2004TR-015). Pittsburgh PA: Software Engineering Institute, Carnegie Mellon University.
  • Albanese, M., Jajodia, S., Pugliese, A., & Subrahmanian, V. S. (2011, September). Scalable analysis of attack scenarios. In European Symposium on Research in Computer Security (pp. 416-433). Springer, Berlin, Heidelberg.
  • Bartnes, M., Moe, N. B., & Heegaard, P. E. (2016). The future of information security incident management training: A case study of electrical power companies. Computers & Security, 61, 32-45.
  • Baskerville, R., Spagnoletti, P., & Kim, J. (2014). Incident-centered information security: Managing a strategic balance between prevention and response. Information & Management, 51(1), 138-151.
  • Barnum, S. (2012). Standardizing cyber threat intelligence information with the Structured Threat Information eXpression (STIX). Mitre Corporation, 11, 1-22.
  • Bianchi, D., & Tosun, O. K. (2019). Cyber attacks and stock market activity (SSRN Working Paper No. 3190454).
  • Brown, R., & Lee, R. M. (2019). The Evolution of Cyber Threat Intelligence (CTI): 2019 SANS CTI Survey. Bethseda, MD: SANS Institute.
  • Capgemini Consulting. (2017). Information Security Benchmarking 2017 Report. Stuttgart, Germany: Author.
  • Caralli, R., Danyliw,R., & Spencer, J.(2014). CSIRT requirements for situational awareness. Pittsburgh PA: Software Engineering Institute, Carnegie Mellon University.
  • Casey, E. (2005). Case study: network intrusion investigation–lessons in forensic preparation. Digital Investigation, 2(4), 254-260
  • Chen, C. C., Shaw, R. S., & Yang, S. C. (2006). Mitigating information security risks by increasing user security awareness: A case study of an information security awareness system. Information Technology, Learning & Performance Journal, 24(1), 1-14.
  • Cheng, Y., Sagduyu, Y., Deng, J., Li, J., & Liu, P. (2012, May). Integrated situational awareness for cyber attack detection, analysis, and mitigation. In Sensors and Systems for Space Applications V (Vol. 8385, p. 83850N). International Society for Optics and Photonics.
  • Chen B., C. C., Medlin, D., & Shaw, R.S. (2008), A cross-cultural investigation of situational information security awareness programs, Information Management & Computer Security, 16(4), 360-376.
  • Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012). Computer security incident handling guide. NIST Special Publication, 800(61), 1-147.
  • Clark, J. A., Murdoch, J., McDermid, J. A., Sen, S., Chivers, H., Worthington, O., & Rohatgi, P. (2007, September). Threat modelling for mobile ad hoc and sensor networks. In Proceedings of Annual Conference of ITA (pp. 25-27).
  • Couce-Vieira, A., Rios Insua, D., & Houmb, S. H. (2019). GIRA: A general model for incident risk analysis. Journal of Risk Research, 22(2), 191-208.
  • D’Amico, A., Whitley, K., Tesone, D., O’Brien, B., & Roth, E. (2005, September). Achieving cyber defense situational awareness: A cognitive task analysis of information assurance analysts. In Proceedings of the human factors and ergonomics society annual meeting (Vol. 49, No. 3, pp. 229-233). Sage CA: Los Angeles, CA: SAGE Publications.
  • Dutt, V., Ahn, Y. S., & Gonzalez, C. (2011, July). Cyber situation awareness: Modeling the security analyst in a cyber-attack scenario through instance-based learning. In Proceedings of IFIP Annual Conference on Data and Applications Security and Privacy (pp. 280-292). Springer, Berlin, Heidelberg.
  • Eckhart, M., Ekelhart, A., & Weippl, E. (2019, September). Enhancing Cyber Situational Awareness for Cyber-Physical Systems through Digital Twins. In 2019 24th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA) (pp. 1222-1225). IEEE.
  • Endsley, M. R. (1988, October). Design and evaluation for situation awareness enhancement. In Proceedings of the Human Factors Society annual meeting (Vol. 32, No. 2, pp. 97-101). Sage CA: Los Angeles, CA: SAGE Publications.
  • Endsley, M. R., & Garland, D. J. (2000). Theoretical underpinnings of situation awareness: A critical review. Situation Awareness Analysis and Measurement, 1, 24.
  • Erbacher, R. F., Frincke, D. A., Wong, P. C., Moody, S., & Fink, G. (2010, January). Cognitive task analysis of network analysts and managers for network situational awareness. In Visualization and Data Analysis 2010 (Vol. 7530, p. 75300H). International Society for Optics and Photonics.
  • Franke, U., & Brynielsson, J. (2014). Cyber situational awareness–a systematic review of the literature. Computers & Security, 46, 18-31.
  • Fireeye. (2012) The Importance of Security Awareness, Threat Research, Fireeye.
  • Fireeye. (2017). Cyber Threats: A Perfect storm to hit Europe?. Fireeye.
  • Friligkos, V. (2014). Setting up and fine tuning a security operations centre (Unpublished master's thesis). Gothenburg, Sweden: Chalmers University of Technology.
  • Frost & Sullivan (2018). The iceberg effect cyber attacks in Asia Pacific. Microsoft Asia News Center.
  • Goodhue, D. L., & Straub, D. W. (1991). Security concerns of system users: a study of perceptions of the adequacy of security. Information & Management, 20(1), 13-27
  • Grimaila, M. R., Fortson, L. W., & Sutton, J. L. (2009). Design considerations for a cyber incident mission impact assessment (CIMIA) process (No. AFIT/CCR081025). Air Force Inst. of Tech Wright-Patterson OH Center For Cyber Space Research.
  • Grispos, G., Glisson, W. B., & Storer, T. (2013). Cloud security challenges: Investigating policies, standards, and guidelines in a fortune 500 organization. arXiv preprint arXiv:1306.2477
  • Hatzivasilis, G., Soultatos, O., Chatziadam, P., Fysarakis, K., Askoxylakis, I., Ioannidis, S., & Spanoudakis, G. (2019). WARDOG: Awareness detection watchbog for Botnet infection on the host device. IEEE Transactions on Sustainable Computing.
  • Hove, C., Tarnes, M., Line, M. B., & Bernsmed, K. (2014, May). Information security incident management: identified practice in large organizations. In Proceedings of the 2014 Eighth International Conference on it security incident management & it forensics (IMF) (pp. 27-46). Munster, Germany: IEEE Computer Society.
  • ISO/IEC 27035, (2011). Information technology – Security techniques – Information security incident management.
  • Jaatun, M. G., Albrechtsen, E., Line, M. B., Tøndel, I. A., & Longva, O. H. (2009). A framework for incident response management in the petroleum industry. International Journal of Critical Infrastructure Protection, 2(1-2), 26-37.
  • Jacq, O., Brosset, D., Kermarrec, Y., & Simonin, J. (2019, June). Cyber-attacks real time detection: towards a Cyber Situational Awareness for naval systems. In Proceedings of the 2019 International Conference on cyber situational awareness, data analytics and assessment (Cyber SA) (pp. 1-2). Oxford, UK: IEEE.
  • Johnson, L. (2013). Computer incident response and forensics team management: Conducting a successful incident response. Waltham, MA: Syngress.
  • Killcrece, G., Kossakowski, K. P., Ruefle, R., & Zajicek, M. (2003a). State of the practice of computer security incident response teams (CSIRTs) (No. CMU/SEI- 2003TR-001). Pittsburgh PA: Software Engineering Institute, Carnegie Mellon University.
  • Kostina, A, Miloslavskaya N, Tolstoy A. (2009). Information security incident management process., In Proceedings of the 2nd International Conference on security of information and networks (p. 93).
  • Kral, P. (2011). The Incident Handlers Handbook. Bethseda, MD: SANS Institute.
  • Legg, P., & Blackman,T. (2019, June). Tools and techniques for improving cyber situational awareness of targeted phishing attacks. In Proceedings of the 2019 International Conference on cyber situational awareness, data analytics and assessment (Cyber SA) (pp. 1-4). Oxford, UK: IEEE.
  • Li, S., & Zhao, D. (2019, August). A LSTM-based method for comprehension and evaluation of network security situation. In Proceedings of the 2019 18th IEEE International Conference on trust, security and privacy in computing and communications /13th IEEE International Conference on big data science and engineering (TrustCom/BigDataSE) (pp. 723-728). Rotorua, New Zealand: IEEE.
  • Li, X., & Hedman, K. W. (2019). Enhancing Power System Cyber-Security with Systematic Two-Stage Detection Strategy. IEEE Transactions on Power Systems.
  • Li, Y., Dai, W., Bai, J., Gan, X., Wang, J., & Wang, X. (2018). An intelligencedriven security-aware defense mechanism for advanced persistent threats. IEEE Transactions on Information Forensics and Security, 14(3), 646-661.
  • Liu,P., Jia, X., Zhang, S., Xiong, X., Jhi, Y. C., Bai, K., & Li, J. (2010). Cross-layer damage assessment for cyber situational awareness. In Cyber Situational Awareness (pp. 155-176). Boston, MA: Springer.
  • Mark, L. (2014). The Global State of Information Security Survey 2014: Security risks and responses in an evolving telecommunications industry. Atlanta, GA: PriceWaterhouse Coopers.
  • Mathew, S., Britt, D., Giomundo, R., Upadhyaya, S., Sudit, M., & Stotz, A. (2005, October). Real-time multistage attack awareness through enhanced intrusion alert clustering. In MILCOM (Vol. 3, p. 1801).
  • Metzger, S., Hommel, W., & Reiser, H. (2011, May). Integrated security incident management—Concepts and real-world experiences. In Proceedings of the 2011 Sixth International Conference on IT Security Incident Management and IT Forensics (pp. 107- 121). IEEE
  • Onwubiko, C. (2009, June). Functional requirements of situational awareness in computer network security. Richardson, TX, USA
  • Oltsik, J. (2015). Tackling attack detection and incident response. Milford, MA: Enterprise Strategy Group.
  • Oyewole,T. (2016). Application of situation awareness in incident response. ISACA.
  • Ponemon Institute (January, 2019), Cost of a data breach (Report 2019). Retrieved June 06, 2020, from https://www.ibm.com/security/data-breach 54. PwC report (2015). Information security breaches survey. Atlanta GA: Author.
  • Ramos,A., Milfont,R.T., HolandaFilho, R., & Rodrigues, J. J. (2019). Enabling Online Quantitative Security Analysis in 6LoWPAN Networks. IEEE Internet of Things Journal, 6(3), 5631-5638.
  • Rongrong,X., Xiaochun,Y., & Zhiyu, H. (2018). Framework for risk assessment in cyber situational awareness. IET Information Security, 13(2), 149-156.
  • Ruefle,R., Dorofee,A., Mundie, D., Householder, A. D., Murray, M., & Perl, S. J. (2014). Computer security incident response team development and evolution. IEEE Security & Privacy, 12(5), 16-26.
  • Sandnes.J. (2017). Applying Machine Learning for Detecting Exploit Kit Traffic. Master’s Thesis Autumn 2017. Department of Informatics. University of Oslo.
  • Semple,W. (2015). A threat-based approach to security. Computer Fraud & Security, 2015(2), 7-10.
  • Shedden, P., Ahmad, A., & Ruighaver, A. B. (2011). Informal learning in security incident response teams. In Proceedings of the 2011 Australasian Conference on Information Systems.
  • Spadaro, A. (2013). Event correlation for detecting advanced multi-stage cyber-attacks (Unpublished doctoral dissertation). Delft, Netherlands: Delft University of Technology.
  • Tankard, C. (2011). Advanced persistent threats and how to monitor and deter them. Network Security, 2011(8), 16-19.
  • Toth, P., & Klein, P. (2013). A role-based model for federal information technology/cyber security training. NIST Special Publication 800-16 Revision 1 (2nd Draft, Version 2).
  • Voitovych, O., Baryshev, Y., Kolibabchuk, E., & Kupershtein, L. (2016). Investigation of Simple Denial-of-Service Attacks. CERT CEI
  • Yang, S. J., Byers, S., Holsopple, J., Argauer, B., & Fava, D. (2008, June). Intrusion activity projection for cyber situational awareness. In 2008 IEEE International Conference on Intelligence and Security Informatics (pp. 167-172). IEEE
  • Yuill, J., Wu, F., Settle, J., Gong, F., Forno, R., Huang, M., & Asbery, J. (2000). Intrusion-detection for incident-response, using a military battlefield-intelligence process. Computer Networks, 34(4), 671-697.
  • Wack, J. (1991). Establishing a Computer Security Incident Response Capability (CSIRC). NIST Special Publication, 800(3).
  • Werlinger, R., Muldner, K., Hawkey, K., & Beznosov, K. (2009). Towards Understanding Diagnostic Work During the Detection and Investigation of Security Incidents. In HAISA (pp. 119-134).
  • Werlinger, R., Muldner,K., Hawkey,K., & Beznosov,K. (2010). Preparation, detection, and analysis: the diagnostic work of IT security incident response. Information Management & Computer Security, 18(1), 26-42.
  • West-Brown, M. J., Stikvoort, D., Kossakowski, K. P., Killcrece, G., & Ruefle, R. (2003). Handbook for computer security incident response teams (CSIRTS) (No. CMU/SEI-2003-HB-002). Pittsburgh PA: Software Engineering Institute, Carnegie Mellon University.
  • Wilson, M., & Hash, J. (2003). Building an information technology security awareness and training program. NIST, Special publication, 800(50),1-39.
  • Woods, D. D. (1988, March). Coping with complexity: the psychology of human behaviour in complex systems. In Tasks, errors, and mental models (pp. 128-148). Taylor & Francis, Inc.

Abstract Views: 201

PDF Views: 0




  • Comprehensive Information Security Awareness (CISA) in Security Incident Management (SIM): A Conceptualization

Abstract Views: 201  |  PDF Views: 0

Authors

Manisekaran Thangavelu
Information Technology & Systems Area, Indian Institute of Management Kashipur, Kundeshwari, Kashipur 244713, Uttarakhand, India
Venkataraghavan Krishnaswamy
Information Technology & Systems Area, Indian Institute of Management Kashipur, Kundeshwari, Kashipur 244713, Uttarakhand, India
Mayank Sharma
Information Technology & Systems Area, Indian Institute of Management Kashipur, Kundeshwari, Kashipur 244713, Uttarakhand, India

Abstract


Information security incidents are a major concern for organizations today, and the prevention and mitigation of such incidents are essential for business survival and smooth functioning. Organizations implement a security incident management process to detect and mitigate security incidents. Despite an organization’s investment and efforts to prevent security incidents, its occurrences have increased over the years, signaling limitations in the existing process. We posit that the limitations may be due to the lack of a comprehensive awareness of threats by security professionals. To this effect, we define and conceptualize Comprehensive Information Security Awareness (CISA) as comprising of three elements, namely: security, system, and situational awareness. We leverage the knowledge, skills, and abilities-based approach in NIST-SP-800-16 and security awareness concepts from the literature for conceptualizing CISA. We discuss the effects of CISA on threat management tasks in the context of security incident management.

Keywords


Information Security Awareness, Situation Awareness, System Awareness, Threat Detection, Threat Mitigation.

References