Skip to main content
SpringerLink
Log in

Cyber Security Incident Handling, Warning and Response System for the European Critical Information Infrastructures (CyberSANE)

  • Conference paper
  • First Online:
Engineering Applications of Neural Networks (EANN 2019)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1000))

Abstract

This paper aims to enhance the security and resilience of Critical Information Infrastructures (CIIs) by providing a dynamic collaborative, warning and response system (CyberSANE system) supporting and guiding security officers and operators (e.g. Incident Response professionals) to recognize, identify, dynamically analyse, forecast, treat and respond to their threats and risks and handle their daily cyber incidents. The proposed solution provides a first of a kind approach for handling cyber security incidents in the digital environments with highly interconnected, complex and diverse nature.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. West-Brown, M.J., Stikvoort, D., Kossakowski, K.P., Killcrece, G., Ruefle, R.: Handbook for computer security incident response teams (CSIRTs). (No. CMU/SEI-2003-HB-002). Carnegie-Mellon Univ Pittsburgh PA Software Engineering Inst. (2003a)

    Google Scholar 

  2. Wiik, J., Kossakowski, K.P.: Dynamics of incident response. In: 17th Annual FIRST Conference on Computer Security Incident Handling, Singapore (2005)

    Google Scholar 

  3. British Standards Institution. BS ISO/IEC 27035:2011 - Information Technology. Security Techniques. Information Security Incident Management (2011)

    Google Scholar 

  4. Cichonski, P., Scarfone, K.: Computer Security Incident Handling Guide Recommendations. NIST, Gaithersburg (2012). National Institute of Standards and Technology (NIST)

    Book  Google Scholar 

  5. ENISA CSIRTs by Country-Interactive Map. https://www.enisa.europa.eu/topics/csirts-in-europe/csirt-inventory/certs-by-country-interactive-map

  6. Northcutt, S.: Computer Security Incident Handling Version 2.3.1 (2003)

    Google Scholar 

  7. Vangelos, M.: Incident response: managing. In: Encyclopedia of Information Assurance, pp. 1442–1449. Taylor & Francis (2011)

    Google Scholar 

  8. Werlinger, R., Muldner, K., Hawkey, K., Beznosov, K.: Preparation, detection, and analysis: the diagnostic work of it security incident response. Inf. Manag. Comput. Secur. 18(1), 26–42 (2010)

    Article  Google Scholar 

  9. Khurana, H., Basney, J., Bakht, M., Freemon, M., Welch, V., Butler, R.: Palantir: a framework for collaborative incident response and investigation. In: Proceedings of the 8th Symposium on Identity and Trust on the Internet, p. 38e51 (2009)

    Google Scholar 

  10. Grobauer, B., Schreck, T.: Towards incident handling in the cloud. In: Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop (CCSW 10), pp. 77–85 (2010)

    Google Scholar 

  11. Monfared, A., Jaatun, M.G.: Handling compromised components in an IaaS cloud installation. J. Cloud Comput. Adv. Syst. Appl. 1, 16 (2012)

    Article  Google Scholar 

  12. Line, M.B.: A case study: preparing for the smart grids-identifying current practice for information security incident management in the power industry. In: 2013 7 International Conference on IT Security Incident Management and IT Forensics, IT Security Incident Management and IT Forensics (IMF), pp. 26–32. IEEE (2013)

    Google Scholar 

  13. Cusick, J.J., Ma, G.: Creating an ITIL inspired incident management approach: roots, response, and results. In: Network Operations and Management Symposium Workshops (NOMS Wksps) 2010 IEEE/IFIP, pp. 142–148. IEEE (2010)

    Google Scholar 

  14. Connell, A., Palko, T., Yasar, H.: Cerebro: a platform for collaborative incident response and investigation. In: 2013 IEEE International Conference on Technologies for Homeland Security (HST) (2013)

    Google Scholar 

  15. Ahmad, A., Hadgkiss, J., Ruighaver, A.B.: Incident response teams-challenges in supporting the organisational security function. Comput. Secur. 31(5), 643–652 (2012)

    Article  Google Scholar 

  16. Shedden, P., Ahmad, A., Ruighaver, A.B.: Informal learning in security incident response teams. In: 2011 Australasian Conference on Information Systems (2011)

    Google Scholar 

  17. Casey, E.: Investigating sophisticated security breaches. Commun. ACM 49(2), 48–55 (2006)

    Article  Google Scholar 

  18. Nnoli, H., Lindskog, D., Zavarsky, P., Aghili, S., Ruhl, R.: The governance of corporate forensics using COBIT, NIST and increased automated forensic approaches. In: 2012 International Conference on Privacy, Security, Risk and Trust. IEEE (2012)

    Google Scholar 

  19. Tan, T., Ruighaver, T., Ahmad, A.: Incident handling: where the need for planning is often not recognised. In: 1st Australian Computer, Network & Information Forensics Conference (2003)

    Google Scholar 

  20. FireEye. The Need for Speed: 2013 Incident Response Survey (2013)

    Google Scholar 

  21. Grispos, G., Glisson, W.B., Storer, T.: Rethinking security incident response: the integration of agile principles. arXiv preprint arXiv:1408.2431 (2014)

  22. Ab Rahman, N.H., Choo, K.K.R.: A survey of information security incident handling in the cloud. Comput. Secur. 49, 45–69 (2015)

    Article  Google Scholar 

  23. Papastergiou, S., Polemi, D.: Securing maritime logistics and supply chain: the Medusa and MITIGATE approaches. Maritime Interdiction Operations Journal 14(1), 42–48 (2017). Proceedings of 2nd NMIOTIC Conference on Cyber Security. ISSN 2242-441X

    Google Scholar 

  24. Papastergiou, S., Polemi, N.: MITIGATE: a dynamic supply chain cyber risk assessment methodology. In: Yang, X.S., Nagar, A., Joshi, A. (eds.) Smart Trends in Systems, Security and Sustainability. LNNS, vol. 18, pp. 1–9. Springer, Heidelberg (2018). https://doi.org/10.1007/978-981-10-6916-1_1

    Chapter  Google Scholar 

  25. Kalogeraki, E.-M., Papastergiou, S., Polemi N.: SAURON real-life use cases: terrorists attack a cruise ship berthed at a port facility. In: The 9th NMIOTC Annual Conference “Fostering Projection of Stability through Maritime Security: Achieving Enhanced Capabilities and Operational Effectiveness” 5–7 June 2018 (2018)

    Google Scholar 

Download references

Acknowledgements

The authors would like to thank the University of Piraeus Research Centre for its continuous support.

Author information

Authors and Affiliations

  1. Department of Informatics, University of Piraeus, 80 Karaoli and Dimitriou Str., 18534, Piraeus, Greece

    Spyridon Papastergiou & Eleni-Maria Kalogeraki

  2. School of Computing, Engineering and Mathematics, University of Brighton, Brighton, BN2 4GJ, UK

    Haralambos Mouratidis

Authors
  1. Spyridon Papastergiou
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Haralambos Mouratidis
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Eleni-Maria Kalogeraki
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Spyridon Papastergiou .

Editor information

Editors and Affiliations

  1. David Goldman Informatics Centre, University of Sunderland, Sunderland, UK

    John Macintyre

  2. Democritus University of Thrace, Xanthi, Greece

    Lazaros Iliadis

  3. University of Piraeus, Piraeus, Greece

    Ilias Maglogiannis

  4. Oxford Brookes University, Oxford, UK

    Chrisina Jayne

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Papastergiou, S., Mouratidis, H., Kalogeraki, EM. (2019). Cyber Security Incident Handling, Warning and Response System for the European Critical Information Infrastructures (CyberSANE). In: Macintyre, J., Iliadis, L., Maglogiannis, I., Jayne, C. (eds) Engineering Applications of Neural Networks. EANN 2019. Communications in Computer and Information Science, vol 1000. Springer, Cham. https://doi.org/10.1007/978-3-030-20257-6_41

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-20257-6_41

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-20256-9

  • Online ISBN: 978-3-030-20257-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation