Model-based incident response playbooks

Shaked, Avraham, Cherdantseva, Yulia ORCID: https://orcid.org/0000-0002-3527-1121 and Burnap, Peter ORCID: https://orcid.org/0000-0003-0396-633X 2022. Model-based incident response playbooks. Presented at: ARES 2022: The 17th International Conference on Availability, Reliability and Security, 23-26 August 2022. ARES '22: Proceedings of the 17th International Conference on Availability, Reliability and Security. New York: Association for Computing Machinery, 10.1145/3538969.3538976

Preview

PDF - Accepted Post-Print Version Download (560kB) | Preview

Abstract

Inevitably, all systems are vulnerable, and none are impervious to attack. Incident response is an important element in maintaining the cyber security posture of organizations. Incident response practitioners often rely on process descriptions in the form of playbooks as recipes for handling incidents as they occur. However, current practices and mechanisms do not offer a disciplined approach to designing and representing playbooks, risking the effectiveness of the playbooks in directing and coordinating incident response. In this paper, we propose a formal, model-based design approach to designing cyber security incident response playbooks. We provide a tool prototype for the approach, developed using the Eclipse framework, and demonstrate how it can accommodate playbooks. Finally, we discuss how the approach can improve aspects of incident response throughout its lifecycle, by correctly prescribing and coordinating response actions as well as supporting organizational learning.

Item Type:	Conference or Workshop Item (Paper)
Date Type:	Publication
Status:	Published
Schools:	Computer Science & Informatics
Publisher:	Association for Computing Machinery
ISBN:	97814503-96707
Funders:	EPSRC Grant number EP/V038710/1
Date of First Compliant Deposit:	8 February 2024
Date of Acceptance:	1 June 2022
Last Modified:	12 Mar 2024 02:30
URI:	https://orca.cardiff.ac.uk/id/eprint/166209

Actions (repository staff only)

Edit Item