Information Security Incident Management: Planning for Failure

This paper reports on an interview study of information security incident management conducted in organizations that operate industrial control systems (ICS) which are highly dependent on conventional IT systems. Six distribution service operators from the power industry participated in the study. We investigated current practice in planning and preparation activities for incident management, and identified similarities and differences between the two traditions of conventional IT systems and industrial control systems. The findings show that the IT and ICS disciplines differ in how they perceive an information security incident and in how they plan and prepare to respond to one. The completeness of documented plans and procedures for incident management varies. Where documentation exists, it is in general not well established throughout the organization. Training exercises with a specific focus on information security are rarely performed. There is a need to create a more unified approach to information security incident management in order for the power industry to be sufficiently prepared to meet the challenges posed by Smart Grids in the near future.
