Abstract
This paper aims to enhance the security and resilience of Critical Information Infrastructures (CIIs) by providing a dynamic collaborative, warning and response system (CyberSANE system) supporting and guiding security officers and operators (e.g. Incident Response professionals) to recognize, identify, dynamically analyse, forecast, treat and respond to their threats and risks and handle their daily cyber incidents. The proposed solution provides a first of a kind approach for handling cyber security incidents in the digital environments with highly interconnected, complex and diverse nature.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
West-Brown, M.J., Stikvoort, D., Kossakowski, K.P., Killcrece, G., Ruefle, R.: Handbook for computer security incident response teams (CSIRTs). (No. CMU/SEI-2003-HB-002). Carnegie-Mellon Univ Pittsburgh PA Software Engineering Inst. (2003a)
Wiik, J., Kossakowski, K.P.: Dynamics of incident response. In: 17th Annual FIRST Conference on Computer Security Incident Handling, Singapore (2005)
British Standards Institution. BS ISO/IEC 27035:2011 - Information Technology. Security Techniques. Information Security Incident Management (2011)
Cichonski, P., Scarfone, K.: Computer Security Incident Handling Guide Recommendations. NIST, Gaithersburg (2012). National Institute of Standards and Technology (NIST)
ENISA CSIRTs by Country-Interactive Map. https://www.enisa.europa.eu/topics/csirts-in-europe/csirt-inventory/certs-by-country-interactive-map
Northcutt, S.: Computer Security Incident Handling Version 2.3.1 (2003)
Vangelos, M.: Incident response: managing. In: Encyclopedia of Information Assurance, pp. 1442–1449. Taylor & Francis (2011)
Werlinger, R., Muldner, K., Hawkey, K., Beznosov, K.: Preparation, detection, and analysis: the diagnostic work of it security incident response. Inf. Manag. Comput. Secur. 18(1), 26–42 (2010)
Khurana, H., Basney, J., Bakht, M., Freemon, M., Welch, V., Butler, R.: Palantir: a framework for collaborative incident response and investigation. In: Proceedings of the 8th Symposium on Identity and Trust on the Internet, p. 38e51 (2009)
Grobauer, B., Schreck, T.: Towards incident handling in the cloud. In: Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop (CCSW 10), pp. 77–85 (2010)
Monfared, A., Jaatun, M.G.: Handling compromised components in an IaaS cloud installation. J. Cloud Comput. Adv. Syst. Appl. 1, 16 (2012)
Line, M.B.: A case study: preparing for the smart grids-identifying current practice for information security incident management in the power industry. In: 2013 7 International Conference on IT Security Incident Management and IT Forensics, IT Security Incident Management and IT Forensics (IMF), pp. 26–32. IEEE (2013)
Cusick, J.J., Ma, G.: Creating an ITIL inspired incident management approach: roots, response, and results. In: Network Operations and Management Symposium Workshops (NOMS Wksps) 2010 IEEE/IFIP, pp. 142–148. IEEE (2010)
Connell, A., Palko, T., Yasar, H.: Cerebro: a platform for collaborative incident response and investigation. In: 2013 IEEE International Conference on Technologies for Homeland Security (HST) (2013)
Ahmad, A., Hadgkiss, J., Ruighaver, A.B.: Incident response teams-challenges in supporting the organisational security function. Comput. Secur. 31(5), 643–652 (2012)
Shedden, P., Ahmad, A., Ruighaver, A.B.: Informal learning in security incident response teams. In: 2011 Australasian Conference on Information Systems (2011)
Casey, E.: Investigating sophisticated security breaches. Commun. ACM 49(2), 48–55 (2006)
Nnoli, H., Lindskog, D., Zavarsky, P., Aghili, S., Ruhl, R.: The governance of corporate forensics using COBIT, NIST and increased automated forensic approaches. In: 2012 International Conference on Privacy, Security, Risk and Trust. IEEE (2012)
Tan, T., Ruighaver, T., Ahmad, A.: Incident handling: where the need for planning is often not recognised. In: 1st Australian Computer, Network & Information Forensics Conference (2003)
FireEye. The Need for Speed: 2013 Incident Response Survey (2013)
Grispos, G., Glisson, W.B., Storer, T.: Rethinking security incident response: the integration of agile principles. arXiv preprint arXiv:1408.2431 (2014)
Ab Rahman, N.H., Choo, K.K.R.: A survey of information security incident handling in the cloud. Comput. Secur. 49, 45–69 (2015)
Papastergiou, S., Polemi, D.: Securing maritime logistics and supply chain: the Medusa and MITIGATE approaches. Maritime Interdiction Operations Journal 14(1), 42–48 (2017). Proceedings of 2nd NMIOTIC Conference on Cyber Security. ISSN 2242-441X
Papastergiou, S., Polemi, N.: MITIGATE: a dynamic supply chain cyber risk assessment methodology. In: Yang, X.S., Nagar, A., Joshi, A. (eds.) Smart Trends in Systems, Security and Sustainability. LNNS, vol. 18, pp. 1–9. Springer, Heidelberg (2018). https://doi.org/10.1007/978-981-10-6916-1_1
Kalogeraki, E.-M., Papastergiou, S., Polemi N.: SAURON real-life use cases: terrorists attack a cruise ship berthed at a port facility. In: The 9th NMIOTC Annual Conference “Fostering Projection of Stability through Maritime Security: Achieving Enhanced Capabilities and Operational Effectiveness” 5–7 June 2018 (2018)
Acknowledgements
The authors would like to thank the University of Piraeus Research Centre for its continuous support.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Papastergiou, S., Mouratidis, H., Kalogeraki, EM. (2019). Cyber Security Incident Handling, Warning and Response System for the European Critical Information Infrastructures (CyberSANE). In: Macintyre, J., Iliadis, L., Maglogiannis, I., Jayne, C. (eds) Engineering Applications of Neural Networks. EANN 2019. Communications in Computer and Information Science, vol 1000. Springer, Cham. https://doi.org/10.1007/978-3-030-20257-6_41
Download citation
DOI: https://doi.org/10.1007/978-3-030-20257-6_41
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-20256-9
Online ISBN: 978-3-030-20257-6
eBook Packages: Computer ScienceComputer Science (R0)