Coordinated Cybersecurity Incident Handling: Roles, Processes, and Coordination Networks for Crosscutting Incidents

Osorno, M., Millar, T., & Rager, D. (2011). Coordinated cybersecurity incident handling: Roles, processes, and coordination networks for crosscutting incidents. Johns Hopkins University Applied Physics Laboratory, Laurel, MD.

To aid in the practice of securing computing systems and managing related incidents, the United States government cybersecurity community has proposed and promulgated a variety of incident handling life cycles, taxonomies, and data formats. However, current incident handling life cycles are limited to a set of discrete, ordered, and sequential steps executed for a specific security incident that is assumed to be identifiable, knowable, and resolvable. These life cycles have not been reconciled with existing taxonomies and data formats, nor have they been designed for concurrency or compatibility with business, military, or situational awareness process models. We propose building on existing work in the cybersecurity field by modifying linear life cycles into a distributed, concurrent, loosely coupled, and action-driven framework that can manage multiple, simultaneous, and complex events. By reevaluating existing processes, mapping them to relevant decision support process models, identifying functional user roles, and incorporating information elements from existing taxonomies and data formats, we describe a coordination network process model for crosscutting cybersecurity incidents.
