Basic performance parameters for cyberincidents response teams
DOI:
https://doi.org/10.18372/2225-5036.20.7307Keywords:
incident, incident management, cyberincident, information security, CERT, cyberincidents response teams, performance parametersAbstract
The main stages of information security incidents management are responding and investigation. These functions are assigned to specialized teams and centers (such as CERT – Computer Emergency Response Team). The information security level of organization and whole state depends on CERT`s performance. The analysis showed that CERT`s performance assessment is not carried out properly. That’s why in this paper basic performance parameters for cyberincidents response teams – it gives a possibility to assess CERT`s performance during necessary period. The report on these parameters should be performed regularly such as once a week (month, year etc.) to obtain a complete picture of their changes and identify key trends. Using the obtained parameters will enable: to make quick management decisions, evaluate the level of CERT`s specialists, to improve the CERT efficiency, to reduce losses associated with incidents, to improve user productivity, to use staff effectively and others. As well by influencing on the CERT`s specialists actions and their correction can improve information security level of organization and whole state. Further on the basis of these parameters it is planned to develop mathematical models to ensure continuous improvement of the cyberincidents management.References
ISO / IEC 27035:2011, Information technology – Security techniques – Information security incident management. — 2011. — 78 p.
Гнатюк В.О. Аналіз дефініцій поняття «інцидент» та його інтерпретація у кіберпросторі // В.О. Гнатюк / Безпека інформації. − №3 (19). – 2013. − С. 175-180.
Computer Emergency Response Team of Ukraine [Електронний ресурс]. - Режим доступу: http://cert.gov.ua/?page_id=207. (04.06.14)
Бон Я.В. ИТ Сервис-менеджмент, введение / под ред. Яна Ван Бона; пер. с англ. осуществлен компанией «IT Expert», 2003. – 240 с.
Брукс П. Метрики для управления ИТ-услугами / П. Брукс; пер. с англ. – М.: Альпина Бизнес Букс, 2008. – 283 с.
ITIL. Поддержка услуг. — М.: Ай-Теко, 2009. — 418 с.
Downloads
Published
How to Cite
Issue
Section
License
The scientific journal "Information Security" adheres to the principles of open science and provides free, free and permanent access to all published materials. The goal of the policy is to increase the visibility, citation and impact of the results of scientific research in the field of information security. The journal works according to the principles of Open Access and does not charge a fee for access to published articles.
All articles are published in Open Access under the Creative Commons Attribution 4.0 International (CC BY 4.0) license.
Copyright
Authors who publish their works in the journal “Information Security”:
-
retain the copyright to their publications;
-
grant the journal the right of first publication of the article;
-
agree to the distribution of their materials under the CC BY 4.0 license;
-
have the right to reuse, archive, and distribute their works (including in institutional and subject repositories), provided that proper reference is made to the original publication in the journal.
