IT Security Vulnerability and Incident Response Management

W.H.M. Hafkamp

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

Abstract

This paper summarises the results of a Dutch PhD research project on IT security vulnerability and incident response management, which is supervised by the University of Twente in the Netherlands and which is currently in its final stage. Vulnerabilities are ‘failures or weaknesses in computer (application) system design, implementation or operation which can be exploited to violate the security policy defined for that system’. Incidents are defined as ‘events that have actual or potentially adverse effects on computer or network operations resulting in fraud, waste or abuse, compromise of information or loss or damage of property of information’. Hacking, denial-of-service attacks and computer viruses are examples of such events. The research project identifies a number of shortcomings in IT service management processes which affect the speed and quality of IT security vulnerability and incident response processes in enterprises. To shorten the lifecycle of vulnerabilities, organizations should implement three basic process elements: (1) filtering and analyzing vulnerability announcements and alerts, (2) prioritizing vulnerability response activities and (3) scanning infrastructure components. Each of these steps can be related to specific IT service management processes and to IT security incident management in particular. Using checklists, procedures and dedicated response capabilities, IT organizations are able to detect and respond to incidents faster.
Original language: English
Title of host publication: ISSE 2006 — Securing Electronic Business Processes
Subtitle of host publication: Highlights of the Information Security Solutions Europe 2006 Conference
Editors: Sachar Paulus, Norbert Pohlman, Helmut Reimer
Place of Publication: Wiesbaden
Publisher: Vieweg
Pages: 387-395
Number of pages: 9
ISBN (Print): 978-3-8348-0213-2
DOIs: https://doi.org/10.1007/978-3-8348-9195-2_41
Publication status: Published - Oct 2006
Event: Information Security Solutions Europe Conference, ISSE 2006 - Rome, Italy
Duration: 10 Oct 2006 to 12 Oct 2006

Conference

Conference: Information Security Solutions Europe Conference, ISSE 2006
Abbreviated title: ISSE
Country: Italy
City: Rome
Period: 10/10/06 to 12/10/06

Fingerprint

Computer crime
Computer viruses
Computer applications
Systems analysis
Scanning
Industry
Denial-of-service attack

Keywords

  • Intrusion detection system
  • Security vulnerability
  • Security incident
  • Incident management
  • Incident response

Cite this

Hafkamp, W. H. M. (2006). IT Security Vulnerability and Incident Response Management. In S. Paulus, N. Pohlman, & H. Reimer (Eds.), ISSE 2006 — Securing Electronic Business Processes: Highlights of the Information Security Solutions Europe 2006 Conference (pp. 387-395). Wiesbaden: Vieweg. https://doi.org/10.1007/978-3-8348-9195-2_41