Phase II: Evaluation

CHAPTER 5: CONCEPTUAL MODELLING 5.1. Introduction

5.4. Applicability of Communication Protocols to ISIM

118

interpret the incident report. By applying the existing information and further tools (e.g., vulnerability analysis and impact assessment) and their perceptions and comprehension of the current situation, the ISIRT teams will also make a projection of succeeding incidents that will support the planning, preparation and lesson learning processes of ISIM. This is an internal communication between the team members within ISIRT. Thereafter, the ISIRT will communicate the assessments, responses and decisions made to the wider community in the system, thereby increasing the participation of all stakeholders. The framing shows that incident communication is possible among users thereby supporting a shared understanding of an information security incident.

While the application of situational awareness is useful in multi-actor contexts, the integration of communication mechanisms has been considered a critical factor in enhancing situational awareness in an interactive manner (Bolstad et al., 2004). The next subsections explore the coordination of communication efforts in tandem with situational awareness to address the key challenges identified by the exploratory study.

119

& British Columbia Campus, 2020). It is out of the scope of this research to incorporate societal and cultural perspectives that may impact communication.

The IMC is an advanced system as it contemplates the setting of the communication which could affect the interaction through a shared field of experience (see Figure 5-4). The IMC by its nature is circular where it iterates from the sender to the receiver. Schramm (1954) embodied the idea that communication is a recursive process by nature in which the communication elements (sender, message, receiver and feedback) interact in an engaging manner. In the circular model, a certain message could be encoded and decoded by the sender and the receiver in a continuous cycle that enables a two-way interchange of messages to enhance communication (Janowitz, 1961).

The IMC was selected for this study as it is mostly applied in digital and internet-based communication where people can engage and provide feedback in the communication process (Businesstopia, 2018 & UOM, 2019). The IMC highlights that communication eventually creates an impact on the receiver’s side in terms of mutual sharing of information and assessment, and it supports two-way communication (Sapienza, Iyer, & Veenstra, 2015). Thus, consistent with the core research problem and the contextual factors, the IMC was integrated within the conceptual framework as a communication protocol.

Communication models such as the IMC were utilised and are functional within the context of information communication technologies ( Lovászová & Michaličková, 2016; Noskova & et.

al., 2016; Moise, 2008; Velten & Arif, 2016). Nonetheless, the application of communication models within teams is considered to be very poor (Chen et al., 2014). Valecha et al. (2012) applied the Schramm’s communication model to structure the communication reports of emergency services by introducing a model for a messaging system which defines the framework of a message and standardises the message format with the intention of sharing it with other departments.

Steinke et al. (2015) indicated that the performance of cyber security incident response teams may be enhanced with team adaption, communication, problem-solving, trust and shared knowledge. Effective communication is crucial, specifically during handoffs, during the

120

response process. They go on to state that there are few directions to improving the communication process, except for checklists and mnemonics.

The fundamental reason in applying a communication model, particularly the IMC, (see Figure 5-4) is to improve the communication of information security incidents, practices and events in a collaborative approach. The model aims to demonstrate the interchange of information and messages that take place from sender to receiver and vice versa (Schramm, 1954). The IMC considers the communicators’ fields of experience. The more their field of experience matches, the greater the shared interaction between the communicators (Wood, 2014). In IMC, “if everyone were to have the same experiences, all messages would be encoded, transmitted, and decoded alike” (Jossey, 1999, p. 2).

Figure 5-4: Interactive Model of Communication (adapted from Schramm, (1954))

Effective utilisation of the IMC model in ISIM is also dependent on the communication skills and technical capabilities of both the sender and the receiver and it is referred to as the ‘field of experience’. There could also be hindrances to communication such as the physical, process, semantic and psychosocial barriers (Lunenburg, 2010). The model supports and eases exchange of information and management of incidents among stakeholders regarding encountered events, which can possibly answer the “What”, “When” and “Who” aspects of an incident.

Users in organisations prefer to engage and report their routine operations using interactive or digital means of communication rather than conventional ways of communication (Nordby, 2011). The application of the IMC model in organisations for information security can also best fit the problem raised because IMC deals with sharing of experience and organisations are converging towards digital communication (Padayachee & Worku, 2020). The IMC model also enables users to iteratively share their experiences which enhances shared awareness among users (Lumen Learning, 2016).

121

In this study, the model encompasses the communication of incident information from one sender (user) to another (receiver) which will be encoded and stored in the system. Then, ISIRT will assess, evaluate, and disseminate the incident information. To support this interactive communication, various parties within the system may have diverse requirements regarding incident information and they may use the incident information according to their specific concern. Thus, the specialised requirements of incident information should be managed through distinct roles in their tasks at the organisation. Applying a role-based access control for incident information is especially important both in access and maintaining the functionality of the ISIM processes. Therefore, this study also considers using role-based access control to filter incident information as a tier within the model. As the applicability of the concepts underpinning the model, that is, situational awareness, IMC and the role-based access control mechanism to incident information was unpacked in the preceding sections, the next section is primed to present the derivation of the conceptual model.