CHAPTER 2: LITERATURE REVIEW
employees of an organisation are required to work in a collaborative, dynamic and coordinated manner in order to manage these challenges (Line et al., 2016). Consequently, since effective communication mechanisms are critical to obtain relevant situational awareness (Linderoth et al., 2015), this research study aims to explore how organisations manage and harmonise awareness and communication efforts in ISIM as a foundation for suggesting a conceptual model to respond to these core challenges.
2.4. Information Security Incident Management Standards
According to Cichonski et al. (2012), ISIM consists of the following phases:
• Preparation
• Detection and Analysis
• Containment, Eradication and Recovery
• Post-incident activity
• Coordination and information sharing
Table 2-1 shows the standards and the processes each applies to ISIM. The NIST standard has four overarching processes: preparation; detection and analysis; containment, eradication and recovery; and post-incident activity. The ISO/IEC 27001 standard applies the PDCA approach (plan, do, check, act) to the management of information security incidents. The COBIT framework “requires a great deal of knowledge to understand its framework before it could be applied as a tool to support IT governance” (Zhang & Lefever, 2013, p.391). The ISO/IEC 27035 framework, one of the contemporary standards in ISIM, involves five processes for managing incidents in organisations. The ITIL standard focuses on standardisation and IT services.
Table 2-1: ISIM Standards, Aims, Processes and Characteristics.

| Standards for ISIM | Description | Processes for the Standard | References |
|---|---|---|---|
| NIST | “The standard considers the process of containment, eradication and recovery”. | Preparation; Detection and Analysis; Containment, Eradication and Recovery; Post-incident activity | (Cichonski et al., 2012) |
| ISO/IEC 27001 | The standard enables organisations to manage security incidents. “The standard is generic and the assessment and handling of information security risks are tailored to the requirements of the organisation”. | Plan (Establish ISIM); Do (Maintain); Check (Monitor and review); Act (Implement & Operate) | (ISO/IEC, 2005) |
| ISO/IEC 27035 | The ISIM processes are defined based on a structured approach from planning to implementation. Each ISIM process is distinct. “The standard presents basic theories and stages of information security incident management and incorporates these concepts with principles in a structured approach to detecting, reporting, assessing, and responding to incidents, and applying lessons learnt”. | Planning and Preparation; Detection and Reporting; Assessment; Response; Lessons Learnt | (ISO/IEC, 2016) |
| COBIT | Supports separating IT governance from management. Focuses on regulatory compliance, risk management and the management of IT assets. | Planning & Organisation; Delivering and Support; Acquiring & Implementation; Monitoring & Evaluating | (ISACA, 2012) |
| ITIL | “The framework outlines best practices for delivering IT services”. ITIL is a systematic approach to managing risk, strengthening customer relations, establishing cost-effective practice and building a stable IT environment. | Plan; Implement; Evaluate; Maintain | (Zhang & Lefever, 2013) |
NIST
The NIST (National Institute of Standards and Technology) guideline “comprises of the phases of preparation, detection and analysis, containment, eradication and recovery and post-incident activity” (Cichonski et al., 2012, p.21). The NIST guideline is comparable to the ISO/IEC standard and to NIST Special Publication 800-61, “Computer Security Incident Handling Guide” (Scarfone et al., 2008).
ISO/IEC 27001
According to the ISO/IEC 27001 family of standards (ISO/IEC, 2005), ISIM is crucial for improved compliance, senior management involvement, improved effectiveness and staff responsibility in the proactive management of information security incidents in organisations.
The ISO/IEC 27001 family of standards framework applies a Plan, Do, Check and Act (PDCA) model, taking into consideration the requirements of the organisation and the interested parties, through required processes and actions, to meet the requirements and expectations from the stakeholders (ISO/IEC, 2005; Proença & Borbinha, 2018).
ISO/IEC 27035
ISO/IEC 27035 (ISO/IEC, 2016) is a well-recognised information security incident standard applied by organisations to manage, report and handle security incidents. The standard allows incidents to be managed in a structured manner: planning, preparing for incident reporting, taking action when an incident arises, and learning from previous incidents as part of lessons learnt (Tøndel et al., 2014). This standard is discussed in more detail in Section 2.5, as it underpins the conceptual model presented in this study.
COBIT (Control Objectives for Information and Related Technologies)
The COBIT framework was created by the Information Systems Audit and Control Association (ISACA, 2012). It was developed as a guideline to assist organisational managers in addressing critical issues such as business risks, technical issues and control requirements. It is a standard framework that can be adapted to any organisational context. Thus, COBIT can help organisations retain the reliability, quality and control of their information systems, which is a critical business concern (ISACA, 2012). The COBIT incident framework enables organisations to achieve effective incident management and governance through its processes.
ITIL (Information Technology Infrastructure Library)
The ITIL (Information Technology Infrastructure Library) aims to standardise the selection, planning and maintenance of IT services, and focuses more on technical standardisation and collaboration among stakeholders (Hunnebeck & ITIL, 2011). It is one of the standards applied in organisations to promote quality service management and computing services, and it is also applied in the handling of security incidents. ITIL is a standard guideline framework for providing Information Technology services that can support organisations in managing business risk, enhancing customer relations and developing an Information and Communication Technology (ICT) environment aimed at growth and transformation (Potgieter et al., 2005).