The future of information security incident management training: A case study of electrical power companies. Issue 61 (August 2016)
- Record Type:
- Journal Article
- Title:
- The future of information security incident management training: A case study of electrical power companies. Issue 61 (August 2016)
- Main Title:
- The future of information security incident management training: A case study of electrical power companies
- Authors:
- Bartnes, Maria
Moe, Nils Brede
Heegaard, Poul E.
- Abstract:
- Recent attacks and threat reports indicate that industrial control organizations are attractive targets for attacks. Emerging threats create the need for a well-established capacity for responding to unwanted incidents. Such a capacity is influenced by organizational, human, and technological factors. We have conducted extensive fieldwork for 2.5 years in Norwegian electric power companies with the aim of identifying challenges for improving information security incident management practices. Semi-structured interviews, document analysis, a survey and participant observations have been performed as part of this case study. We describe how training for responding to information security incidents is given low priority and that different types of personnel, such as business managers and technical personnel, have different perspectives and priorities in regard to information security. Moreover, there is a gap in how IT staff and control system staff understand information security. Furthermore, cross-functional teams need to be created to ensure a holistic view during the incident response process. To improve the capacity for responding to incidents, organizations need regular training sessions and systematic evaluations after such sessions. There is also the potential for improvement in evaluating minor incidents. A transition from an ad hoc approach to a systematic approach in training and learning requires a reorientation not only by the electric power companies but also by management. We found that learning to learn will enable the organizations to improve their incident response practices.
- Is Part Of:
- Computers & security. Issue 61(2016)
- Journal:
- Computers & security
- Issue:
- Issue 61(2016)
- Issue Display:
- Volume 61, Issue 61 (2016)
- Year:
- 2016
- Volume:
- 61
- Issue:
- 61
- Issue Sort Value:
- 2016-0061-0061-0000
- Page Start:
- 32
- Page End:
- 45
- Publication Date:
- 2016-08
- Subjects:
- Information security -- Incident management -- Incident response -- Cross-functional teams -- Learning to learn
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2016.05.004
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 1.xml