IT Security Vulnerability and Incident Response Management

  • Wim Hafkamp

Abstract

This paper summarises the results of a Dutch PhD research project on IT security vulnerability and incident response management, supervised by the University of Twente in the Netherlands and currently in its final stage. Vulnerabilities are ‘failures or weaknesses in computer (application) system design, implementation or operation which can be exploited to violate the security policy defined for that system’. Incidents are defined as ‘events that have actual or potentially adverse effects on computer or network operations resulting in fraud, waste or abuse, compromise of information or loss or damage of property of information’. Hacking, denial-of-service attacks and computer viruses are examples of such events. The research project identifies a number of shortcomings in IT service management processes which affect the speed and quality of IT security vulnerability and incident response processes in enterprises. To shorten the lifecycle of vulnerabilities, organizations should implement three basic process elements: (1) filtering and analyzing vulnerability announcements and alerts, (2) prioritizing vulnerability response activities and (3) scanning infrastructure components. Each of these steps can be related to specific IT service management processes and to IT security incident management in particular. Using checklists, procedures and dedicated response capabilities, IT organizations are able to detect and respond to incidents faster.
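The three process elements named in the abstract (filter and analyse announcements, prioritize response work, scan the affected components) can be made concrete as a small triage pipeline. The following is an added illustration, not code or data from the paper or the research project: the advisory records, asset inventory, field names and scoring weights are all constructed for the example, and the scoring rule is one plausible way to rank response work, not a method the paper prescribes.

```python
"""Added example (not from the paper): a minimal vulnerability-response
triage pipeline following the three process elements in the abstract:
(1) filter and analyse vulnerability announcements against the asset
inventory, (2) prioritize response activities, (3) produce a scan work
list of infrastructure components. All records and weights below are
constructed for illustration."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    advisory_id: str            # constructed placeholder identifier
    product: str
    affected_versions: frozenset
    severity: str               # "critical" | "high" | "medium" | "low"
    exploit_public: bool        # announcement reports a public exploit


@dataclass(frozen=True)
class Asset:
    hostname: str
    product: str
    version: str
    internet_facing: bool
    business_critical: bool


# Constructed weights: severity of the announcement is the base score.
SEVERITY_WEIGHT = {"critical": 40, "high": 30, "medium": 15, "low": 5}


def filter_relevant(advisories, inventory):
    """Step 1: keep only announcements that match a product/version we
    actually run. Returns a list of (advisory, [affected assets])."""
    relevant = []
    for adv in advisories:
        hits = [a for a in inventory
                if a.product == adv.product
                and a.version in adv.affected_versions]
        if hits:
            relevant.append((adv, hits))
    return relevant


def priority_score(adv, asset):
    """Step 2: combine announcement severity with the asset's exposure
    and business impact so response work can be ordered."""
    score = SEVERITY_WEIGHT[adv.severity]
    if adv.exploit_public:
        score += 20
    if asset.internet_facing:
        score += 25
    if asset.business_critical:
        score += 15
    return score


def build_scan_worklist(advisories, inventory):
    """Step 3: one scan/verify work item per affected component,
    highest priority first (ties broken by hostname)."""
    items = []
    for adv, hits in filter_relevant(advisories, inventory):
        for asset in hits:
            items.append({"host": asset.hostname,
                          "advisory": adv.advisory_id,
                          "score": priority_score(adv, asset)})
    items.sort(key=lambda i: (-i["score"], i["host"]))
    return items


# Constructed sample announcements and inventory.
ADVISORIES = [
    Advisory("ADV-0001", "webfront", frozenset({"2.1", "2.2"}), "critical", True),
    Advisory("ADV-0002", "dbengine", frozenset({"9.0"}), "high", False),
    Advisory("ADV-0003", "mailgw", frozenset({"5.0"}), "medium", True),   # not deployed
    Advisory("ADV-0004", "webfront", frozenset({"3.0"}), "low", False),   # version not run
]
INVENTORY = [
    Asset("www1", "webfront", "2.2", internet_facing=True, business_critical=True),
    Asset("intranet1", "webfront", "2.1", internet_facing=False, business_critical=False),
    Asset("db1", "dbengine", "9.0", internet_facing=False, business_critical=True),
    Asset("build1", "dbengine", "8.5", internet_facing=False, business_critical=False),
]

if __name__ == "__main__":
    for item in build_scan_worklist(ADVISORIES, INVENTORY):
        print(f"{item['score']:3d}  {item['host']:<10} {item['advisory']}")
```

Running the block lists www1 first (critical, public exploit, internet-facing, business-critical), then intranet1, then db1; ADV-0003 and ADV-0004 are dropped in step 1 because no inventory item matches them, which is the filtering the abstract describes.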

Keywords

Intrusion Detection System, Security Vulnerability, Security Incident, Incident Management, Incident Response
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Friedr. Vieweg & Sohn Verlag | GWV-Fachverlage GmbH, Wiesbaden 2006

Authors and Affiliations

  • Wim Hafkamp
    1. Rabobank Nederland; University of Twente, The Netherlands