Abstract
IT-security lacks the equivalent of an Air Safety Reporting System. Yet, the current trend to outsource security processes might be the birth of a Cyber Security Reporting System – CSRS. A necessary condition for providers of security services to evolve toward a CSRS is successful quality management. The increasing demand for “fire-fighting” – deriving from the growth in number and sophistication of attacks and the decline in the expertise of the average system administrator – pushes these providers farther and farther away from “fire-prevention.” But growth of insight, and its codification and communication, are prerequisites for even the most rudimentary CSRS. Studies show that few attempts to implement quality improvement processes succeed; yet, successful quality management provides decisive competitive advantage. System dynamics studies of quality management have identified causes of implementation failure and provided guidance for success. Transferring these lessons to security service organizations is a promising path toward the vision of a CSRS.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gonzalez, J.J. (2005). Towards a Cyber Security Reporting System – A Quality Improvement Process. In: Winther, R., Gran, B.A., Dahll, G. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2005. Lecture Notes in Computer Science, vol 3688. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11563228_28
DOI: https://doi.org/10.1007/11563228_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-29200-5
Online ISBN: 978-3-540-32000-5
eBook Packages: Computer Science, Computer Science (R0)