Metrics and Indicators of Information Security Incident Management: A Systematic Mapping Study

Conference paper, published in: Developments and Advances in Defense and Security

Abstract

The number of threats and vulnerabilities has increased rapidly in recent years. For this reason, organizations need to improve their computer security incident management (CSIM) in order to safeguard their intellectual capital, and the identification and use of both metrics and indicators is therefore a crucial factor in managing security incidents. In this context, organizations try to improve their level of CSIM either on the basis of standards or solely according to criteria drawn from their own experience. This article carries out a systematic mapping study of academic articles in this research area, in order to present a document that describes the metrics and indicators of security incidents in organizations. The results show and describe several key indicators and metrics related to the cost, quality, and service (time) involved in dealing with such incidents. This study is also expected to serve as a strategic reference for organizations.

Acknowledgements

The authors would like to thank the Ecuadorian Corporation for the Development of Research and the Academy (RED CEDIA) for its financial support in the development of this work, under Research Team GT-II-Cybersecurity.

Corresponding author: Luis Tello-Oquendo.

Copyright information

© 2020 Springer Nature Singapore Pte Ltd.

Cite this paper

Cadena, A. et al. (2020). Metrics and Indicators of Information Security Incident Management: A Systematic Mapping Study. In: Rocha, Á., Pereira, R. (eds) Developments and Advances in Defense and Security. Smart Innovation, Systems and Technologies, vol 152. Springer, Singapore. https://doi.org/10.1007/978-981-13-9155-2_40
