Cyber Crisis Management Roles - A Municipality Responsibility Case Study

In this paper we propose a role model that can be applied in societal cyber crisis management to build safety and standard procedures during cyber security crisis. We define societal cyber crisis as the cyber crisis which affect the society in which disaster is or might be the consequence. The process to create our model started by analyzing regulations and responsibilities in Norwegian municipalities, and we used steps of a design science research (DSR) research approach to create our suggested artifact. A combination of conventional crisis management and cyber crisis management is proposed to identify the interrelationships among diverse stakeholders when managing the preparation for and reaction to a cyber crisis incident. We present a cyber incident handling role model (CIHRM) which is usable for visualizing cyber crisis in a diversity of organizations. After our model has been reviewed by the cyber security research community, we plan to implement the model when analyzing crisis management in various organizations to prepare for instructions, training and exercises at our training environment - The Norwegian Cyber Range.

[1]  Stewart Kowalski,et al.  Evaluating a Framework for Securing E-Government Services -- A Case of Tanzania , 2013, 2013 46th Hawaii International Conference on System Sciences.

[2]  M. V. Eeten,et al.  Systems that Should Have Failed: Critical Infrastructure Protection in an Institutionally Fragmented Environment , 2007 .

[3]  Shari Lawrence Pfleeger,et al.  Leveraging behavioral science to mitigate cyber security risk , 2012, Comput. Secur..

[4]  Geoffrey Rwezaura Karokola,et al.  A Framework for Securing e-Government Services : The Case of Tanzania , 2012 .

[5]  C. S. Holling,et al.  Resilience, Adaptability and Transformability in Social–ecological Systems , 2004 .

[6]  Vijay K. Vaishnavi,et al.  A Framework for Theory Development in Design Science Research: Multiple Perspectives , 2012, J. Assoc. Inf. Syst..

[7]  Wil M.P. van der Aalst Data Scientist: The Engineer of the Future , 2014, I-ESA.

[8]  Dilanthi Amaratunga,et al.  An integrative review of the built environment discipline's role in the development of society's resilience to disasters , 2010 .

[9]  W. Neil Adger,et al.  Does Adaptive Management of Natural Resources Enhance Resilience to Climate Change , 2004 .

[10]  S. Boeke National cyber crisis management: Different European approaches , 2018 .

[11]  Patrick Lagadec,et al.  Preventing Chaos in a Crisis: Strategies for Prevention, Control and Damage Limitation , 1993 .

[12]  Wolter Pieters,et al.  Cyber Crisis Management: A Decision-Support Framework for Disclosing Security Incident Information , 2012, 2012 International Conference on Cyber Security.

[13]  Donald P. Moynihan,et al.  The Network Governance of Crisis Response: Case Studies of Incident Command Systems , 2009 .