1 / 14

Incident Reporting Systems

Incident Reporting Systems. for information security. Summary. Incident reporting is (probably) important (everybody else does it) seemingly not very widespread tough to do successfully not well researched easier with the right tools. Problem. Why reporting?

jamiel
Download Presentation

Incident Reporting Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Incident Reporting Systems for information security

  2. Summary Incident reporting is • (probably) important (everybody else does it) • seemingly not very widespread • tough to do successfully • not well researched • easier with the right tools

  3. Problem Why reporting? • Information security complexity rising • Number of events and incidents rising Why is it difficult? • Social and organizational issues prevent information sharing

  4. Possible aid • A starting point given by F. O. Sveen et al. • Basis in safety practices • Well established field of research • System dynamics for modelling • Can we use this in information security?

  5. System Dynamics • An approach to viewing complex processes • Considers processes dynamic feedback systems • Focus on core concepts of systems, and their relationships

  6. System Dynamics

  7. System Dynamics

  8. System Dynamics

  9. The IRS Model

  10. The IRS Model • Events are reported • Reports are investigated • Lessons learned fed back to organization • Awareness is raised • Future events are prevented • Punishment, incentives and perceived usefulness affect motivation to report

  11. The IRS Model • Model based on safety systems • Are safety and security incidents similar? • Is building reporting culture met with similar challenges? • Can the IRS Model be used in information security?

  12. Case • Health care institution • Established practices in safety reporting • Has recently implemented information security reporting (into same system) • How well does that work? • Do assumptions from the IRS model fit in?

  13. Preliminary findings • Theory studies: little theory/publication on information security incident reporting. • Incidents and events are not the same as in safety • Information security has more deliberate, external events, this can reduce benefits. • Events and incidents do not necessarily have the same causes

  14. Preliminary findings • Interview results pending • Attempt to gauge how well the IRS Model’s assumptions match those of a real-life implemented system. • Ultimate goal to tune model to be a basis for developing information security IRS

More Related