The growing sophistication and frequency of cyber attacks force modern companies to be prepared beforehand for potential cyber security incidents and data leaks. A proper incident disclosure strategy can significantly improve timeliness and effectiveness of incident response activities, reduce legal fines, and restore confidence and trust of a company's key stakeholders. In this paper, four factors that shape organizational preferences regarding incident information disclosure are introduced. Together, they create a set of challenges for a company when deciding to whom, when, what, and how to share cyber security incident information. We further propose a decision-support framework that provides step-by-step guidance for organizations to address these challenges, and develop an appropriate incident disclosure strategy.
|Name||Cyber Security (CyberSecurity), 2012 International Conference|
|Publisher||IEEE Computer Society|
|Conference||International Conference on Cyber Security, CyberSecurity 2012, Washington, USA|
|Period||16/12/12 → …|
- incident information
- Cyber Crisis Management: decision-support
- disclosing security