Understanding Collaborative Challenges in IT Security Preparedness Exercises

Abstract : IT security preparedness exercises allow for practical collaborative training, which in turn leads to improved response capabilities to information security incidents for an organization. However, such exercises are not commonly performed in the electric power industry. We have observed a tabletop exercise as performed by three organizations with the aim of understanding challenges of performing such exercises. We argue that challenges met during exercises could affect the response process during a real incident as well, and by improving the exercises the response capabilities would be strengthened accordingly. We found that the response team must be carefully selected to include the right competences and all parties that would be involved in a real incident response process, such as technical, managerial, and business responsible. Further, the main goal of the exercise needs to be well understood among the whole team and the facilitator needs to ensure a certain time pressure to increase the value of the exercise, and both the exercise and existing procedures need to be reviewed. Finally, there are many ways to conduct preparedness exercises. Therefore, organizations need to both optimize current exercise practices and experiment with new ones.
Type de document :
Communication dans un congrès
Hannes Federrath; Dieter Gollmann. 30th IFIP International Information Security Conference (SEC), May 2015, Hamburg, Germany. IFIP Advances in Information and Communication Technology, AICT-455, pp.311-324, 2015, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-319-18467-8_21〉
Liste complète des métadonnées

Littérature citée [18 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01345116
Contributeur : Hal Ifip <>
Soumis le : mercredi 13 juillet 2016 - 11:03:14
Dernière modification le : mercredi 13 juillet 2016 - 11:18:42

Fichier

337885_1_En_21_Chapter.pdf
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Maria Line, Nils Moe. Understanding Collaborative Challenges in IT Security Preparedness Exercises. Hannes Federrath; Dieter Gollmann. 30th IFIP International Information Security Conference (SEC), May 2015, Hamburg, Germany. IFIP Advances in Information and Communication Technology, AICT-455, pp.311-324, 2015, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-319-18467-8_21〉. 〈hal-01345116〉

Partager

Métriques

Consultations de la notice

30

Téléchargements de fichiers

4