Incident Response

  • Izzat Alsmadi
Chapter

Abstract

A security incident is an event, caused by an insider or an external adversary, that can impact an organization's assets and compromise their security goals (e.g., confidentiality, integrity, availability, and access control).

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Izzat Alsmadi, Texas A&M University, San Antonio, USA