Alignment of Cybersecurity Incident Prioritisation with Incident Response Management Maturity Capabilities

• URL: http://arxiv.org/abs/2410.02259v1
• Date: Thu, 3 Oct 2024 07:05:47 GMT
• Title: Alignment of Cybersecurity Incident Prioritisation with Incident Response Management Maturity Capabilities
• Authors: Abdulaziz Gulay, Leandros Maglaras,
• Abstract summary: This paper explores a possible utilisation of IR CMMs assessments to prioritise high-risk incidents. The findings reveal common weaknesses in incident response, such as inadequate training and poor communication. The analysis also emphasises the importance of organisational culture in enhancing incident response capabilities.
• Score: 0.0
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: The increasing frequency and sophistication of cybersecurity incidents pose significant challenges to organisations, highlighting the critical need for robust incident response capabilities. This paper explores a possible utilisation of IR CMMs assessments to systematically prioritise incidents based on their impact, severity, and the incident response capabilities of an organisation in specific areas associated with human and organisational factors. The findings reveal common weaknesses in incident response, such as inadequate training and poor communication, and highlight best practices, including regular training programs, clear communication protocols, and well-documented response procedures. The analysis also emphasises the importance of organisational culture in enhancing incident response capabilities. By addressing the gap in understanding how the output of IRM assessments can be immediately utilised to prioritise high-risk incidents, this paper contributes valuable insights to academia and practice, offering a structured approach to enhancing organisational resilience against cybersecurity threats.

Related papers

• Evaluating Cultural and Social Awareness of LLM Web Agents [113.49968423990616]
  We introduce CASA, a benchmark designed to assess large language models' sensitivity to cultural and social norms. Our approach evaluates LLM agents' ability to detect and appropriately respond to norm-violating user queries and observations. Experiments show that current LLMs perform significantly better in non-agent environments.
  arXiv  Detail & Related papers  (2024-10-30T17:35:44Z)
• Cybersecurity Challenge Analysis of Work-from-Anywhere (WFA) and Recommendations guided by a User Study [1.1749564892273827]
  Many organizations were forced to quickly transition to the work-from-anywhere (WFA) model as a necessity to continue with their operations and remain in business despite the restrictions imposed during the COVID-19 pandemic. This paper attempts to uncover some challenges and implications related to the cybersecurity of the WFA model. We conducted an online user study to investigate the readiness and cybersecurity awareness of employers and their employees who shifted to work remotely from anywhere.
  arXiv  Detail & Related papers  (2024-09-11T18:47:04Z)
• CrisisSense-LLM: Instruction Fine-Tuned Large Language Model for Multi-label Social Media Text Classification in Disaster Informatics [49.2719253711215]
  This study introduces a novel approach to disaster text classification by enhancing a pre-trained Large Language Model (LLM) Our methodology involves creating a comprehensive instruction dataset from disaster-related tweets, which is then used to fine-tune an open-source LLM. This fine-tuned model can classify multiple aspects of disaster-related information simultaneously, such as the type of event, informativeness, and involvement of human aid.
  arXiv  Detail & Related papers  (2024-06-16T23:01:10Z)
• ABI Approach: Automatic Bias Identification in Decision-Making Under Risk based in an Ontology of Behavioral Economics [46.57327530703435]
  Risk seeking preferences for losses, driven by biases such as loss aversion, pose challenges and can result in severe negative consequences. This research introduces the ABI approach, a novel solution designed to support organizational decision-makers by automatically identifying and explaining risk seeking preferences.
  arXiv  Detail & Related papers  (2024-05-22T23:53:46Z)
• Employing LLMs for Incident Response Planning and Review [0.0]
  Incident Response Planning (IRP) is essential for effective cybersecurity management. Yet, creating comprehensive IRPs is often hindered by challenges such as complex systems, high turnover rates, and legacy technologies lacking documentation. This paper argues that the development, review, and refinement of IRPs can be significantly enhanced through the utilization of Large Language Models (LLMs) like ChatGPT.
  arXiv  Detail & Related papers  (2024-03-02T17:23:41Z)
• QuantTM: Business-Centric Threat Quantification for Risk Management and Cyber Resilience [0.259990372084357]
  QuantTM is an approach that incorporates views from operational and strategic business representatives to collect threat information. It empowers the analysis of threats' impacts and the applicability of security controls.
  arXiv  Detail & Related papers  (2024-02-21T21:34:06Z)
• Data Poisoning for In-context Learning [49.77204165250528]
  In-context learning (ICL) has been recognized for its innovative ability to adapt to new tasks. This paper delves into the critical issue of ICL's susceptibility to data poisoning attacks. We introduce ICLPoison, a specialized attacking framework conceived to exploit the learning mechanisms of ICL.
  arXiv  Detail & Related papers  (2024-02-03T14:20:20Z)
• On the Security Risks of Knowledge Graph Reasoning [71.64027889145261]
  We systematize the security threats to KGR according to the adversary's objectives, knowledge, and attack vectors. We present ROAR, a new class of attacks that instantiate a variety of such threats. We explore potential countermeasures against ROAR, including filtering of potentially poisoning knowledge and training with adversarially augmented queries.
  arXiv  Detail & Related papers  (2023-05-03T18:47:42Z)
• Better Retrieval May Not Lead to Better Question Answering [59.1892787017522]
  A popular approach to improve the system's performance is to improve the quality of the retrieved context from the IR stage. We show that for StrategyQA, a challenging open-domain QA dataset that requires multi-hop reasoning, this common approach is surprisingly ineffective.
  arXiv  Detail & Related papers  (2022-05-07T16:59:38Z)
• A framework for effective corporate communication after cyber security incidents [2.66512000865131]
  Major cyber security incidents can represent a cyber crisis for an organisation, in particular because of the associated risk of reputational damage. This research seeks to tackle this problem through a critical, multi-faceted investigation into the efficacy of crisis communication and public relations following a data breach. It does so by drawing on academic literature, obtained through a systematic literature review, and real-world case studies. The validity of this framework is demonstrated by its evaluation through interviews with senior industry professionals, as well as a critical assessment against relevant practice and research.
  arXiv  Detail & Related papers  (2020-09-19T11:08:53Z)
• Cyber Security Incident Handling, Warning and Response System for the European Critical Information Infrastructures (CyberSANE) [0.29005223064604074]
  This paper aims to enhance the security and resilience of Critical Information Infrastructures (CIIs) by providing a dynamic collaborative, warning and response system (CyberSANE system) The proposed solution provides a first of a kind approach for handling cyber security incidents in the digital environments with highly interconnected, complex and diverse nature.
  arXiv  Detail & Related papers  (2020-03-11T15:25:40Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.