Change search
ReferencesLink to record
Permanent link

Direct link
Indicators for ICT security incident management
Norwegian University of Science and Technology, Faculty of Information Technology, Mathematics and Electrical Engineering, Department of Telematics.
2013 (English)MasteroppgaveStudent thesis
Abstract [en]

Managing the different types and the nature of information security incidents has become a challenging task. However, the use of security incident indicators can improve the capabilities of the incident management process. Indicators are not only needed to assess and monitor the quality of incident management capabilities by quantifying overall processes, but also to provide an early warning and notification of incident occurrences. Though some research work has been initiated for development of measurements and indicators in information security incident management, use of those have been relatively sparse. Also, varied profiles of organizations, changing nature of threats and frequent update and advancement in technology have made it difficult to establish a set of common measurements and indicators. However, there exists significant amount of research, development and implementation of indicators in the safety field. It would be of significant interest to investigate whether safety performance indicators could be adapted to the field of security incident management. In this thesis, a literature study has been performed in the field of safety performance indicators. This study provided us with some results, indicating that effective safety performance indicators could be adapted to the security incident management field. Effective indicators have been adapted to different phases of security incident management through a defined methodology. Those indicators are analysed in detail with their usage, scope, pros and cons in different phases of the incident management process. This thesis also includes a scenario describing the use and implementation of such indicators. It was found that safety indicators could be adapted to the plan, prepare and protect phase, the respond phase and the review phase of an incident management process, and they have been effective to measure the efficiency as well as the capabilities of corresponding phases. For the detection phase, however, it was found that the safety indicators could only be adapted with great difficulties.

Place, publisher, year, edition, pages
Institutt for telematikk , 2013. , 114 p.
URN: urn:nbn:no:ntnu:diva-20665Local ID: ntnudaim:7495OAI: diva2:616125
Available from: 2013-04-15 Created: 2013-04-15 Last updated: 2013-06-22Bibliographically approved

Open Access in DiVA

fulltext(1422 kB)770 downloads
File information
File name FULLTEXT01.pdfFile size 1422 kBChecksum SHA-512
Type fulltextMimetype application/pdf
cover(184 kB)19 downloads
File information
File name COVER01.pdfFile size 184 kBChecksum SHA-512
Type coverMimetype application/pdf

By organisation
Department of Telematics

Search outside of DiVA

GoogleGoogle Scholar
Total: 770 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 1022 hits
ReferencesLink to record
Permanent link

Direct link